The Cyber Security News
Tick APT Group Hacked East Asian DLP Software Firm

March 15, 2023

A new malware campaign targeting an East Asian company that develops data loss prevention (DLP) software for government and military entities has been attributed to the advanced persistent threat (APT) group known as Tick.

According to an advisory published by ESET on Tuesday, the threat actor breached the DLP company’s internal update servers to deliver malware inside its network. It then trojanized legitimate tool installers used by the company, leading to malware being executed on two of its customers’ computers.

“During the intrusion, the attackers deployed a previously undocumented downloader named ShadowPy, and they also deployed the Netboy backdoor (aka Invader) and Ghostdown downloader,” wrote ESET malware researcher Facundo Muñoz.


The security firm added that Tick has reportedly been active since at least 2006, using a unique custom malware toolset designed for persistent access to compromised machines, as well as reconnaissance, data exfiltration and the download of further tools.

“Our latest report into Tick’s activity found it exploiting the ProxyLogon vulnerability to compromise a South Korean IT company, as one of the groups with access to that remote code execution exploit before the vulnerability was publicly disclosed,” Muñoz explained.


However, the attack on the DLP firm was observed by ESET in March 2021. The hackers would have deployed malware that month, and months later began introducing trojanized copies of the Q-dir installers.

The APT group then compromised the targeted company’s network in June and September 2021, transferring the trojanized Q-dir installers to customers of the compromised firm in February and June 2022.

“Based on Tick’s profile and the compromised company’s high-value customer portfolio, the objective of the attack was most likely cyber espionage,” Muñoz wrote.

How the DLP firm was first compromised is currently unknown. Still, ESET hypothesized that the firm’s customers were receiving technical support through a remote support application and that the malicious installer was unknowingly used on customer devices.

“It is unlikely that the attackers installed support tools to transfer the trojanized installers themselves,” Muñoz added.

Tick is one of many APT groups currently targeting Asia-based organizations. The Check Point Research (CPR) team recently published an advisory detailing the expansion of an espionage campaign in the region by the threat actor known as Sharp Panda.


Some parts of this article are sourced from:
www.infosecurity-journal.com

Copyright © TheCyberSecurity.News, All Rights Reserved.