The Cyber Security News
Tick APT Group Hacked East Asian DLP Software Firm

March 15, 2023

A new malware campaign targeting an East Asian company that develops data loss prevention (DLP) software for government and military entities has been attributed to the advanced persistent threat (APT) group known as Tick.

According to an advisory published by ESET on Tuesday, the threat actor breached the DLP company’s internal update servers to deliver malware inside its network. It then trojanized legitimate tool installers used by the company, leading to malware being executed on two of its customers’ computers.

“During the intrusion, the attackers deployed a previously undocumented downloader named ShadowPy, and they also deployed the Netboy backdoor (aka Invader) and Ghostdown downloader,” wrote ESET malware researcher Facundo Muñoz.


The security firm added that Tick has reportedly been active since at least 2006, using a unique custom malware toolset designed for persistent access to compromised machines, as well as reconnaissance, data exfiltration and the download of further tools.

“Our latest report into Tick’s activity found it exploiting the ProxyLogon vulnerability to compromise a South Korean IT company, as one of the groups with access to that remote code execution exploit before the vulnerability was publicly disclosed,” Muñoz explained.

Read more on ProxyLogon here: Hackers Disguise Malware in Windows Logo, Target Middle East Governments

However, the attack on the DLP company was observed by ESET in March 2021. The hackers would have deployed malware that month, and months later began introducing trojanized copies of the Q-dir installers.

The APT group then compromised the targeted company’s network in June and September 2021, transferring the trojanized Q-dir installers to customers of the compromised company in February and June 2022.

“Based on Tick’s profile and the compromised company’s high-value customer portfolio, the objective of the attack was most likely cyber espionage,” Muñoz wrote.

How the DLP company was first compromised is currently unknown. Still, ESET hypothesized that the company’s customers were receiving technical support through a remote support application and that the malicious installer was used unknowingly on customer devices.

“It is unlikely that the attackers installed support tools to transfer the trojanized installers themselves,” Muñoz added.
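The delivery path described above (installers taken from a compromised update server and then run on customer machines) is the case an installer integrity check is meant to catch. The following is an added example, not code from the article, from ESET or from the affected vendor: it verifies every file in a staging directory against a vendor-published SHA-256 manifest and reports files that match, differ, are unlisted or are missing. It assumes the manifest was obtained through a channel independent of the update server itself (otherwise an attacker who controls that server can simply republish matching hashes); the file names, byte contents and "trojanized" marker are constructed for the demo.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # stream files in 1 MiB chunks so large installers are not read into memory at once


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, computed in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_installers(staging_dir: Path, manifest: dict) -> dict:
    """Compare staged installer files against a manifest of name -> expected hex SHA-256.

    Result per file name:
      "ok"        digest matches the manifest entry
      "mismatch"  file present but digest differs (altered or replaced)
      "unlisted"  file present but absent from the manifest
      "missing"   manifest entry with no corresponding file on disk
    """
    results = {}
    seen = set()
    for path in sorted(staging_dir.iterdir()):
        if not path.is_file():
            continue
        seen.add(path.name)
        expected = manifest.get(path.name)
        if expected is None:
            results[path.name] = "unlisted"
        elif hmac.compare_digest(sha256_file(path), expected.lower()):
            results[path.name] = "ok"
        else:
            results[path.name] = "mismatch"
    # Entries the vendor published but which never arrived are also worth flagging.
    for name in manifest:
        if name not in seen:
            results[name] = "missing"
    return results


def demo() -> dict:
    """Constructed scenario: one genuine installer, one altered copy, one stray file, one absent file."""
    genuine = b"MZ" + b"\x00" * 64 + b"constructed stand-in for a genuine installer body"
    # Constructed marker standing in for appended attacker code; not a real payload.
    trojanized = genuine + b"\n;; constructed appended bytes"
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp)
        (staging / "Q-Dir_x64.exe").write_bytes(genuine)        # untouched
        (staging / "Q-Dir_x86.exe").write_bytes(trojanized)     # altered after the vendor hashed it
        (staging / "helper.dll").write_bytes(b"constructed unlisted file")
        manifest = {
            "Q-Dir_x64.exe": hashlib.sha256(genuine).hexdigest(),
            "Q-Dir_x86.exe": hashlib.sha256(genuine).hexdigest(),  # vendor published the genuine digest
            "Q-Dir_portable.zip": "0" * 64,                        # listed, but never delivered
        }
        return verify_installers(staging, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

Anything other than "ok" should block installation and raise a ticket; a "mismatch" on a file that was supposed to come straight from the vendor is exactly the signal this kind of update-server compromise produces. A signed manifest (or Authenticode verification of the installer itself) strengthens the check further, but only if the signing key is not also reachable from the compromised server.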

Tick is one of many APT groups currently targeting Asia-based organizations. The Check Point Research (CPR) team recently published an advisory detailing an expansion of an espionage campaign in the region by the threat actor known as Sharp Panda.


Some parts of this article are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.