
Sophisticated backdoor mimicking secure networking software updates

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A sophisticated backdoor targeting Russian organizations in the government, finance and industry sectors was discovered masquerading as updates for the ViPNet secure networking software. The malware is distributed in LZH archives and relies on a path substitution technique: a malicious loader is placed where a legitimate component of the fake update finds and executes it ahead of the intended file, and the loader then deploys a versatile backdoor. The backdoor connects to a C2 server, steals files and launches additional malicious components. The attack illustrates the growing complexity of APT tradecraft and the need for multi-layered defenses, including verifying the origin and integrity of update packages before they are applied.
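The path substitution mentioned above, as an added illustration that is not part of the original report: when a program launches a helper by bare file name, Windows consults the launching application's own directory before the system directories, so a loader dropped next to a legitimate update component with the right name is executed instead of the system binary. The script below simulates that resolution and flags files in an extracted update drop that shadow a system binary. The directory listing, the file names (update.inf, updater.exe, diag.exe, payload.dat) and the update path are constructed for the example and are not indicators from the report.

```python
"""Added example: simulate bare-name executable resolution under Windows
process-creation search order and flag update files that shadow a system
binary.  All paths and names are constructed; none come from the report."""
from pathlib import PureWindowsPath

# Order in which a bare-name launch is resolved when the caller passes no
# absolute path: the calling application's directory comes before the system
# directories.  (Current directory and PATH entries are omitted for brevity.)
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows"]


def _key(path: str) -> str:
    """Case-insensitive, normalised comparison key for a Windows path."""
    return str(PureWindowsPath(path)).lower()


def resolve_by_bare_name(name: str, app_dir: str, listing: list[str]):
    """Return the path a bare-name launch from app_dir resolves to, or None."""
    present = {_key(p) for p in listing}
    for directory in [app_dir, *SYSTEM_DIRS]:
        candidate = str(PureWindowsPath(directory) / name)
        if _key(candidate) in present:
            return candidate
    return None


def shadowed_system_binaries(app_dir: str, listing: list[str]):
    """Executables or DLLs in app_dir whose name matches a system binary.

    Returns (dropped_file, shadowed_system_file) pairs; each is a path
    substitution candidate worth checking before an update is applied."""
    system_dir_keys = {_key(d) for d in SYSTEM_DIRS}
    system_names = {}
    for p in listing:
        pp = PureWindowsPath(p)
        if _key(str(pp.parent)) in system_dir_keys:
            system_names[pp.name.lower()] = p
    hits = []
    for p in listing:
        pp = PureWindowsPath(p)
        if _key(str(pp.parent)) != _key(app_dir):
            continue
        if pp.suffix.lower() in {".exe", ".dll"} and pp.name.lower() in system_names:
            hits.append((p, system_names[pp.name.lower()]))
    return hits


# Constructed listing: an extracted "update" archive alongside system files.
UPDATE_DIR = r"C:\ProgramData\VendorUpdate"
SAMPLE_LISTING = [
    r"C:\ProgramData\VendorUpdate\update.inf",
    r"C:\ProgramData\VendorUpdate\updater.exe",  # vendor tool launching diag.exe by name
    r"C:\ProgramData\VendorUpdate\diag.exe",     # attacker loader carrying a system name
    r"C:\ProgramData\VendorUpdate\payload.dat",
    r"C:\Windows\System32\diag.exe",             # the binary updater.exe was meant to run
    r"C:\Windows\System32\cmd.exe",
]

if __name__ == "__main__":
    print("diag.exe resolves to:", resolve_by_bare_name("diag.exe", UPDATE_DIR, SAMPLE_LISTING))
    for dropped, legit in shadowed_system_binaries(UPDATE_DIR, SAMPLE_LISTING):
        print(f"path substitution candidate: {dropped} shadows {legit}")
```

Running the block resolves diag.exe to the copy inside the update directory rather than the one in System32, which is exactly the behaviour the loader relies on; the same check can be run over any extracted update archive before it is trusted.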

OPENCTI LABELS :

apt,backdoor,russia,targeted attack,software updates,heur:trojan.win32.loader.gen,path substitution,vipnet



