
Sophisticated backdoor mimicking secure networking software updates

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

A sophisticated backdoor targeting Russian organizations in the government, finance, and industrial sectors has been discovered. The malware masquerades as updates for ViPNet, a secure networking software suite, and is distributed in LZH archives that bundle legitimate files with malicious ones. The backdoor relies on a path substitution technique so that a legitimate component ends up executing a malicious loader; the loader then decrypts and loads a multi-purpose payload that connects to a C2 server, steals files, and launches additional malicious components. Because the initial chain starts from a trusted update package and a legitimate binary, signature-based checks on the package alone are not enough; the attack highlights the need for multi-layered security measures against advanced persistent threats.
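The summary names path substitution as the pivot from a legitimate update component to the malicious loader but does not describe the mechanism. The following Python script is an added example, not code from the report or from ViPNet: it simulates the Windows-style image search order in which the application directory is consulted before the system directories, shows how a same-named file planted beside a legitimate update binary is picked up in place of the real one, and audits an extracted update directory for such shadowing. The binary names, the update manifest, and the on-disk layout are all constructed assumptions for illustration; they are not indicators from the report.

```python
"""Simulate search-order path substitution and audit an extracted update.

Added example; the file names and manifest below are illustrative
assumptions, not indicators taken from the report.
"""
import tempfile
from pathlib import Path

# Assumption: system binaries a legitimate update helper might spawn by
# bare name instead of by full path.
SYSTEM_BINARIES = {"cmd.exe", "rundll32.exe", "regsvr32.exe"}

# Assumption: the files a genuine update archive is expected to contain.
UPDATE_MANIFEST = {"update.inf", "updater.exe", "payload.dat"}


def resolve_unqualified(name, app_dir, system_dirs):
    """Mimic the search order for an unqualified image name: the
    application directory is searched before the system directories, so a
    same-named file dropped next to the legitimate binary wins."""
    for directory in (app_dir, *system_dirs):
        candidate = Path(directory) / name
        if candidate.is_file():
            return candidate
    return None


def resolve_qualified(name, system_dirs):
    """Hardened variant: accept the image only from a system directory."""
    for directory in system_dirs:
        candidate = Path(directory) / name
        if candidate.is_file():
            return candidate
    return None


def audit_extracted_update(app_dir, manifest=UPDATE_MANIFEST):
    """Flag files that shadow a system binary or are missing from the
    manifest; either is a sign of a tampered update package."""
    findings = []
    for entry in sorted(Path(app_dir).iterdir()):
        lower = entry.name.lower()
        if lower in SYSTEM_BINARIES:
            findings.append((entry.name, "shadows a system binary"))
        elif lower not in manifest:
            findings.append((entry.name, "not in update manifest"))
    return findings


def demo():
    """Build a constructed on-disk scenario and report what each step sees."""
    with tempfile.TemporaryDirectory() as root:
        system32 = Path(root) / "System32"
        update = Path(root) / "update"
        system32.mkdir()
        update.mkdir()
        # Genuine system binary where the OS would normally find it.
        (system32 / "rundll32.exe").write_bytes(b"MZ genuine")
        # Legitimate update files, as listed in the manifest.
        for name in UPDATE_MANIFEST:
            data = b"MZ legit" if name.endswith(".exe") else b"data"
            (update / name).write_bytes(data)
        # Attacker-added file carrying a system binary's name.
        (update / "rundll32.exe").write_bytes(b"MZ planted")

        naive = resolve_unqualified("rundll32.exe", update, [system32])
        hardened = resolve_qualified("rundll32.exe", [system32])
        return {
            "naive_picks_planted": naive.read_bytes() == b"MZ planted",
            "hardened_picks_genuine": hardened.read_bytes() == b"MZ genuine",
            "findings": audit_extracted_update(update),
        }


if __name__ == "__main__":
    print(demo())
```

Running the script shows the naive resolver executing the planted file while the hardened resolver keeps the genuine one, and the audit flags the extra binary. On a real host the equivalent check is to list the contents of a received update archive against the vendor's manifest and treat any unexpected executable, particularly one named after a Windows system binary, as grounds to quarantine the package before anything in it runs.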

OPENCTI LABELS :

apt,backdoor,russia,targeted attack,payload,c2 server,secure networking,heur:trojan.win32.loader.gen,path substitution,vipnet



