New TorNet backdoor seen in widespread campaign
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A financially motivated threat actor has been running a malicious campaign since July 2024, primarily targeting users in Poland and Germany. The campaign delivers its payloads, including a new backdoor named TorNet, through phishing emails that impersonate financial institutions and other companies. The actor employs sophisticated techniques such as disconnecting the victim's machine from the network before the payload is delivered and routing its communications over the TOR network for stealth. TorNet can receive and execute arbitrary .NET assemblies, so the attacker's capabilities are not limited to what ships in the initial payload and the attack surface is correspondingly wider. The campaign also uses the PureCrypter malware, which performs anti-analysis checks and establishes persistence through Windows scheduled tasks. The attackers demonstrate advanced evasion techniques and the ability to adapt their tactics for maximum effectiveness.
OPENCTI LABELS :
backdoor,phishing,evasion,purecrypter,agent tesla,poland,snake keylogger,tornet,tor network