By Daniel Lunghi and Ecular Xu – In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the schemes.
In this case we dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”
What sets Urpage attacks apart is their targeting of InPage, a word processor for Urdu and Arabic languages. However, its Delphi backdoor component, which it has in common with Confucius and Patchwork, and its apparent use of Bahamut-like malware are what make it more intriguing, as they connect Urpage to these other known threats.
In our previous entry, we already covered the Delphi component in the context of the Confucius and Patchwork connection. We mentioned Urpage as a third unnamed threat actor connected to the two. This time, we look into Urpage to gain a deeper insight into the way several threat actors’ actions intersect…
Read more at: The Urpage Connection to Bahamut, Confucius and Patchwork
Source: TrendLabs Malware Blog