Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Since at least March 2023, a suspected Chinese threat actor has been targeting government, defense, telecommunications, education, and aviation sectors in Southeast Asia and South America. The attackers employ a sophisticated backdoor known as Squidoor, which affects both Windows and Linux systems. Squidoor is modular and designed for stealth, utilizing multiple communication protocols—including Outlook API, DNS tunneling, and ICMP tunneling—to establish covert channels with command and control servers. Initial access is typically achieved by exploiting vulnerabilities in Internet Information Services (IIS) servers, followed by the deployment of obfuscated web shells for persistent access.
OPENCTI LABELS:
apt, backdoor, espionage, squidoor