New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild

January 16, 2023

CIA's Hive Malware

Unknown threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)’s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.

“This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33,” Qihoo Netlab 360’s Alex Turing and Hui Wang said in a technical write-up published last week.


xdr33 is said to be propagated by exploiting a security vulnerability in an F5 appliance, and it communicates with a command-and-control (C2) server over SSL using forged Kaspersky certificates.
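Two certificate details reported above give defenders something concrete to hunt for: the bot-side certificate with CN=xdr33 and server certificates that claim a Kaspersky identity without chaining to a trusted CA. The following is an added example, not code from the Netlab 360 write-up, that scans TLS session records for either indicator; the records and field names are constructed, loosely modelled on Zeek's ssl.log, and are assumptions rather than real captures.

```python
import json
from typing import Dict, List

# Constructed sample TLS session records in a simplified JSON layout loosely
# modelled on Zeek's ssl.log; field names and values are assumptions, not captures.
SAMPLE_SSL_LOG = """\
{"ts":"2023-01-10T09:12:01Z","id.orig_h":"10.0.0.25","id.resp_h":"203.0.113.7","id.resp_p":443,"subject":"CN=*.kaspersky.com,O=Kaspersky Lab,C=RU","issuer":"CN=Kaspersky Lab,O=Kaspersky Lab,C=RU","client_subject":"CN=xdr33","validation_status":"self signed certificate"}
{"ts":"2023-01-10T09:15:44Z","id.orig_h":"10.0.0.31","id.resp_h":"198.51.100.4","id.resp_p":443,"subject":"CN=www.example.org,O=Example Inc,C=US","issuer":"CN=Example Root CA,O=Example Inc,C=US","client_subject":"-","validation_status":"ok"}
{"ts":"2023-01-10T09:20:10Z","id.orig_h":"10.0.0.31","id.resp_h":"203.0.113.9","id.resp_p":8443,"subject":"CN=update.kaspersky.com,O=Kaspersky,C=RU","issuer":"CN=update.kaspersky.com,O=Kaspersky,C=RU","client_subject":"-","validation_status":"unable to get local issuer certificate"}
"""

def parse_dn(dn: str) -> Dict[str, str]:
    """Split a DN such as 'CN=x,O=y' into {'CN': 'x', 'O': 'y'} (escaped commas not handled)."""
    attrs: Dict[str, str] = {}
    if dn in ("", "-"):          # Zeek writes '-' for an absent field
        return attrs
    for part in dn.split(","):
        key, sep, value = part.partition("=")
        if sep:
            attrs[key.strip().upper()] = value.strip()
    return attrs

def assess_record(rec: dict) -> List[str]:
    """Return the reasons a single session record resembles xdr33 C2 traffic."""
    reasons: List[str] = []
    # Indicator 1: bot-side certificate with CN=xdr33, as reported by Netlab 360.
    if parse_dn(rec.get("client_subject", "-")).get("CN", "").lower() == "xdr33":
        reasons.append("client certificate CN=xdr33")
    # Indicator 2: a certificate claiming a Kaspersky identity that does not chain
    # to a trusted CA; a genuine vendor certificate should validate cleanly.
    names = list(parse_dn(rec.get("subject", "-")).values()) + list(parse_dn(rec.get("issuer", "-")).values())
    if any("kaspersky" in n.lower() for n in names) and rec.get("validation_status") != "ok":
        reasons.append(f"Kaspersky-named certificate failed validation: {rec.get('validation_status')}")
    return reasons

def scan_ssl_log(text: str) -> List[dict]:
    """Scan JSON-lines session records and return one finding per suspicious session."""
    findings = []
    for line in filter(None, text.splitlines()):
        rec = json.loads(line)
        reasons = assess_record(rec)
        if reasons:
            findings.append({"ts": rec["ts"], "orig": rec["id.orig_h"],
                             "resp": f"{rec['id.resp_h']}:{rec['id.resp_p']}", "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in scan_ssl_log(SAMPLE_SSL_LOG):
        print(f["ts"], f["orig"], "->", f["resp"], "; ".join(f["reasons"]))
```

A vendor-named certificate that fails chain validation is a hunting lead rather than proof of xdr33; correlate it with the F5 exposure and the beaconing behaviour described in this article before acting on it.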

The purpose of the backdoor, according to the Chinese cybersecurity firm, is to harvest sensitive information and act as a launchpad for subsequent intrusions. It improves upon Hive by adding new C2 instructions and functionality, among other implementation changes.

The ELF sample further operates as a Beacon by periodically exfiltrating system metadata to the remote server and executing commands issued by the C2.


This includes the ability to download and upload arbitrary files, run commands using cmd, and launch a shell, in addition to updating itself and erasing traces of itself from the compromised host.

The malware also incorporates a Trigger module that is designed to eavesdrop on network traffic for a specific “trigger” packet in order to extract the C2 server specified in the IP packet’s payload, establish a connection, and wait for the execution of commands issued by the C2.

“It is worth noting that Trigger C2 differs from Beacon C2 in the details of communication; after establishing an SSL tunnel, [the] bot and Trigger C2 use a Diffie-Hellman key exchange to establish a shared key, which is used in the AES algorithm to create a second layer of encryption,” the researchers said.



Some components of this post are sourced from:
thehackernews.com
