• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87

    Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87
  • Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139

    Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139
  • CleanMyMac One-Time Purchase: Lifetime License for $62

    CleanMyMac One-Time Purchase: Lifetime License for $62
  • UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29

    UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29
  • Wordela Vocabulary Mastery: Lifetime Subscription for $39

    Wordela Vocabulary Mastery: Lifetime Subscription for $39
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors

Feb 25, 2022 by iHash Leave a Comment

SockDetour Malware

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts.

“SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the primary one fails,” Palo Alto Networks’ Unit 41 threat intelligence said in a report published Thursday. “It is difficult to detect, since it operates filelessly and socketlessly on compromised Windows servers.”

Even more concerningly, SockDetour is believed to have been used in attacks since at least July 2019, based on a compilation timestamp on the sample, implying that the backdoor successfully managed to slip past detection for over two-and-a-half years.

Automatic GitHub Backups

The attacks have been attributed to a threat cluster it tracks as TiltedTemple (aka DEV-0322 by Microsoft), which is designated moniker for a hacking group operating out of China and was instrumental in exploiting zero-day flaws in Zoho ManageEngine ADSelfService Plus and ServiceDesk Plus deployments as a launchpad for malware attacks last year.

The ties to TiltedTemple come from overlaps in the attack infrastructure, with one of the command-and-control (C2) servers that was used to facilitate the distribution of malware for the late 2021 campaigns also hosting the SockDetour backdoor, alongside a memory dumping utility and numerous web shells for remote access.

Unit 42 said it unearthed evidence of at least four defense contractors targeted by the new wave of attacks, resulting in the compromise of one of them.

The intrusions also predate the attacks that occurred through compromised Zoho ManageEngine servers in August 2021 by a month. Analysis of the campaign has revealed that SockDetour was delivered from an external FTP server to a U.S.-based defense contractor’s internet-facing Windows server on July 27, 2021.

Prevent Data Breaches

“The FTP server that hosted SockDetour was a compromised Quality Network Appliance Provider (QNAP) small office and home office (SOHO) network-attached storage (NAS) server,” the researchers pointed out. “The NAS server is known to have multiple vulnerabilities, including a remote code execution vulnerability, CVE-2021-28799.”

What’s more, the same server is said to have been already infected with the QLocker ransomware, raising the possibility the TiltedTemple actor leveraged the aforementioned flaw to gain unauthorized initial access.

SockDetour, for its part, is fashioned as a stand-in backdoor that hijacks legitimate processes’ network sockets to establish its own encrypted C2 channel, followed by loading an unidentified plugin DLL file retrieved from the server.

“Thus, SockDetour requires neither opening a listening port from which to receive a connection nor calling out to an external network to establish a remote C2 channel,” the researchers said. “This makes the backdoor more difficult to detect from both host and network level.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: backdoor, computer security, Contractors, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Defense, Fileless, hacker news, hacking news, how to hack, information security, network security, ransomware malware, SockDetour, Socketless, software vulnerability, targets, the hacker news

Special Offers

  • Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87

    Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87
  • Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139

    Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139
  • CleanMyMac One-Time Purchase: Lifetime License for $62

    CleanMyMac One-Time Purchase: Lifetime License for $62
  • UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29

    UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29
  • Wordela Vocabulary Mastery: Lifetime Subscription for $39

    Wordela Vocabulary Mastery: Lifetime Subscription for $39

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

AI Empowers Microfinance: Revolutionizing Fraud Detection

Jun 1, 2023 By iHash

Apple, MLB announce July “Friday Night Baseball” schedule on Apple TV+

Jun 1, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video web applications

Latest

A Guide to Log File Parsing Tools

A Guide to Log File Parsing Tools

While log parsing isn’t very sexy and never gets much credit, it is fundamental to productive and centralized log analysis. Log parsing extracts information in your logs and organizes them into fields. Without well-structured fields in your logs, searching and visualizing your log data is near impossible. In this article, we’ll review some of the […]

Triangulation: Trojan for iOS

Triangulation: Trojan for iOS | Kaspersky official blog

Hi all, today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using […]

Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87

Expires June 01, 2123 23:59 PST Buy now and get 37% off KEY FEATURES The Apple iPad Mini 2nd Gen is a compact, portable tablet with a powerful and versatile experience. Its 7.9-inch Retina display delivers vibrant visuals and sharp image quality. The Wi-Fi-only model ensures easy connectivity to wireless networks for browsing, streaming, and […]

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

May 31, 2023Ravie LakshmananAdvanced Persistent Threat The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on […]

How to give back to the Elastic community

How to give back to the Elastic community

One of the most beautiful things about having a front-row seat in the Elastic Community is witnessing folks helping each other. From Discuss and the Elastic Community Slack workspace to the Official Elastic YouTube channel no matter where you turn, you’ll see Elasticsearch pros and beginners sharing their knowledge. That’s why we created the Elastic […]

Safeguards against firmware signed with stolen MSI keys

Safeguards against firmware signed with stolen MSI keys

What could be worse than a ransomware attack on your company? Only an incident that hits your company’s clients, I guess. Well, that’s exactly what happened to MSI — the large Taiwanese manufacturer of laptops, video adapters and motherboards. In the beginning of April, word got out that the company was attacked by a new […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT