The Cyber Security News
Lancefly APT Custom Backdoor Targets Government and Aviation Sectors

May 15, 2023

The advanced persistent threat (APT) group known as Lancefly has been observed deploying a custom-written backdoor in attacks targeting organizations in South and Southeast Asia.

According to new findings from Symantec's Threat Hunter Team, these campaigns have been ongoing for several years.


"Lancefly's custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018," reads an advisory published by the company earlier today.

"Symantec researchers observed it being used in some activity in 2020 and 2021, as well as this more recent campaign, which continued into the first quarter of 2023. The motivation behind both these campaigns is believed to be intelligence gathering."

Read more on groups focused on intelligence gathering: Cranefly Hackers Use Stealthy Tactics to Deliver and Manage Malware

Symantec explained that over the years the backdoor has appeared on only a handful of networks and machines, indicating highly targeted use. The attackers in this campaign were also equipped with an updated version of the ZXShell rootkit.

"The targets in this most recent activity, which began in mid-2022 and continued into 2023, are based in South and Southeast Asia, in sectors including government, aviation, education, and telecoms," Symantec added.

The company clarified that the Merdoor backdoor was used in attacks targeting victims in the government, communications and technology sectors in the same geographical regions in 2020 and 2021.

"Like this recent activity, that activity also appeared to be highly targeted, with only a small number of machines infected."

Technically, Merdoor disguises itself as a legitimate service and has keylogging capabilities. It can communicate with its command-and-control (C2) server through several methods and can listen for commands on a local port.

The backdoor is typically injected into legitimate processes and distributed via a self-extracting RAR dropper containing a vulnerable binary, a malicious loader (the Merdoor loader) and an encrypted file (the Merdoor backdoor itself). Symantec also wrote that some dropper variants abuse older versions of legitimate applications for DLL sideloading: the legitimate executable is dropped alongside a malicious DLL bearing the name of a library it imports, so the trusted binary loads the attacker's code.
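One way to hunt for the DLL-sideloading layout described above in endpoint image-load telemetry. This is an added example written for this article, not code from Symantec's advisory or from the Merdoor dropper; the ImageLoad events are constructed, and the field names, paths and the small SYSTEM_DLLS allowlist are assumptions made for illustration.

```python
"""Hunt for DLL sideloading in image-load telemetry.

Added example for this article, not Symantec's or Lancefly's code. The events
below are constructed Sysmon-style ImageLoad records; the field names and the
small SYSTEM_DLLS allowlist are assumptions made for illustration.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories from which Windows legitimately serves its own DLLs.
SYSTEM_DIRS = (
    "c:\\windows\\system32",
    "c:\\windows\\syswow64",
    "c:\\windows\\winsxs",
)

# Assumed allowlist: DLL names a clean system only ever loads from SYSTEM_DIRS.
# A real deployment would derive this from a golden image rather than hard-code it.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wininet.dll", "userenv.dll", "cryptbase.dll"}


@dataclass(frozen=True)
class ImageLoad:
    """One image-load event: which executable loaded which DLL."""
    image: str   # full path of the process executable
    loaded: str  # full path of the DLL that was mapped into it


def _under(path: str, roots) -> bool:
    """True if path lies inside one of the root directories (case-insensitive)."""
    p = path.lower()
    return any(p == r or p.startswith(r + "\\") for r in roots)


def is_sideload(ev: ImageLoad) -> bool:
    """Flag a system DLL name that was resolved from the executable's own
    directory instead of a Windows directory: the classic sideloading layout
    of a legitimate EXE with an attacker-supplied DLL placed beside it."""
    dll = PureWindowsPath(ev.loaded)
    if dll.name.lower() not in SYSTEM_DLLS:
        return False
    if _under(ev.loaded, SYSTEM_DIRS):
        return False
    return str(dll.parent).lower() == str(PureWindowsPath(ev.image).parent).lower()


def hunt(events) -> list:
    """Return one finding string per suspected sideload."""
    return [f"{ev.image} sideloaded {ev.loaded}" for ev in events if is_sideload(ev)]


# Constructed sample telemetry (not real victim data).
SAMPLE_EVENTS = [
    # Normal: a system binary loading version.dll from System32.
    ImageLoad(r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\version.dll"),
    # Suspicious: an old legitimate tool dropped into a user directory picks up
    # a version.dll that the dropper placed next to it.
    ImageLoad(r"C:\Users\Public\Tool\OldApp.exe", r"C:\Users\Public\Tool\version.dll"),
    # Benign: an application loading its own, non-system DLL from its install dir.
    ImageLoad(r"C:\Program Files\Vendor\app.exe", r"C:\Program Files\Vendor\app_core.dll"),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The rule deliberately keys on the layout rather than on any file hash, since the dropped executable is a genuine, often signed, older build of a real product and will not match malware signatures; the anomaly is a Windows DLL name resolving from the executable's own directory. In production the allowlist should come from a golden image, and the finding should be enriched with the DLL's signature status and the executable's age before it is treated as an alert.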

"While the Merdoor backdoor appears to have been in existence for several years, it seems to only have been used in a small number of attacks in that time period," reads the advisory. "This prudent use of the tool may indicate a desire by Lancefly to keep its activity under the radar."

Symantec's discovery comes a few months after threat researchers at EclecticIQ shed light on a new Dark Pink campaign targeting government entities in ASEAN (Association of Southeast Asian Nations) countries.


Some parts of this post are sourced from:
www.infosecurity-journal.com



Copyright © TheCyberSecurity.News, All Rights Reserved.