• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

    Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451
  • 30W Slim Wall Charger White for $39

    30W Slim Wall Charger White for $39
  • Leather AirTag Case – Camo for $29

    Leather AirTag Case – Camo for $29
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle)
for $451
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors

Feb 25, 2022 by iHash Leave a Comment

SockDetour Malware

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts.

“SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the primary one fails,” Palo Alto Networks’ Unit 41 threat intelligence said in a report published Thursday. “It is difficult to detect, since it operates filelessly and socketlessly on compromised Windows servers.”

Even more concerningly, SockDetour is believed to have been used in attacks since at least July 2019, based on a compilation timestamp on the sample, implying that the backdoor successfully managed to slip past detection for over two-and-a-half years.

Automatic GitHub Backups

The attacks have been attributed to a threat cluster it tracks as TiltedTemple (aka DEV-0322 by Microsoft), which is designated moniker for a hacking group operating out of China and was instrumental in exploiting zero-day flaws in Zoho ManageEngine ADSelfService Plus and ServiceDesk Plus deployments as a launchpad for malware attacks last year.

The ties to TiltedTemple come from overlaps in the attack infrastructure, with one of the command-and-control (C2) servers that was used to facilitate the distribution of malware for the late 2021 campaigns also hosting the SockDetour backdoor, alongside a memory dumping utility and numerous web shells for remote access.

Unit 42 said it unearthed evidence of at least four defense contractors targeted by the new wave of attacks, resulting in the compromise of one of them.

The intrusions also predate the attacks that occurred through compromised Zoho ManageEngine servers in August 2021 by a month. Analysis of the campaign has revealed that SockDetour was delivered from an external FTP server to a U.S.-based defense contractor’s internet-facing Windows server on July 27, 2021.

Prevent Data Breaches

“The FTP server that hosted SockDetour was a compromised Quality Network Appliance Provider (QNAP) small office and home office (SOHO) network-attached storage (NAS) server,” the researchers pointed out. “The NAS server is known to have multiple vulnerabilities, including a remote code execution vulnerability, CVE-2021-28799.”

What’s more, the same server is said to have been already infected with the QLocker ransomware, raising the possibility the TiltedTemple actor leveraged the aforementioned flaw to gain unauthorized initial access.

SockDetour, for its part, is fashioned as a stand-in backdoor that hijacks legitimate processes’ network sockets to establish its own encrypted C2 channel, followed by loading an unidentified plugin DLL file retrieved from the server.

“Thus, SockDetour requires neither opening a listening port from which to receive a connection nor calling out to an external network to establish a remote C2 channel,” the researchers said. “This makes the backdoor more difficult to detect from both host and network level.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: backdoor, computer security, Contractors, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Defense, Fileless, hacker news, hacking news, how to hack, information security, network security, ransomware malware, SockDetour, Socketless, software vulnerability, targets, the hacker news

Special Offers

  • Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

    Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451
  • 30W Slim Wall Charger White for $39

    30W Slim Wall Charger White for $39
  • Leather AirTag Case – Camo for $29

    Leather AirTag Case – Camo for $29
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle)
for $451
  • Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

    Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

30W Slim Wall Charger White for $39

Mar 22, 2023 By iHash

Leading With Business Integrity at the Intersection of Legal and Technology

Leading With Business Integrity at the Intersection of Legal and Technology

Mar 21, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video Vulnerabilities web applications

Latest

Apple MacBook Air MJVE2LLA (2015) 13.3" 1.6GHz i5 8GB RAM 128GB SSD (Refurbished) for $451

Expires March 21, 2123 23:59 PST Buy now and get 43% off KEY FEATURES The Apple MacBook Air MJVE2LLA (2015) 13.3″ is a powerful and lightweight laptop that is perfect for people who are always on the go. The 13.3″ HD display provides crisp and clear images, so you can enjoy your favorite movies, TV […]

Leather AirTag Case – Camo for $29

Expires March 20, 2123 19:21 PST Buy now and get 14% off KEY FEATURES It’s all about tracking, not exposing. VogDUO AirTag Leather Case provides the best protection from privacy and damages for your personal belongings. For your best interests, we recommend the users keep the AirTag from exposure. Thus, we use Premium Italian Leather […]

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

Smartphones, tablets, and even cars with Samsung Exynos microprocessors are at risk of remote hacking. Bug hunters at Google Project Zero say you just need the victim’s phone number. This is due to the presence of 18 vulnerabilities in the Exynos baseband radio processor, which is widely used in Google, Vivo, Samsung, and many other […]

30W Slim Wall Charger Black for $39

Expires March 20, 2123 19:26 PST Buy now and get 20% off Slim Wall Charger 3-port Model No.: SPC001 Charger Pro Frequent travelers love to move around with minimal effort, which is why it makes perfect sense to carry a USB charger that can power up multiple devices simultaneously. Even better yet, if this particular […]

Heard on the Street – 3/20/2023

Welcome to insideBIGDATA’s “Heard on the Street” round-up column! In this regular feature, we highlight thought-leadership commentaries from members of the big data ecosystem. Each edition covers the trends of the day with compelling perspectives that can provide important insights to give you a competitive advantage in the marketplace. We invite submissions with a focus […]

Evades Macro Security via OneNote Attachments

Mar 20, 2023Ravie LakshmananEndpoint Security / Email Security The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT