Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Briefly

"Kaspersky described a minimalistic backdoor with the ability to execute commands, download files, and run shellcode payloads in memory, making detection harder."
"The QUIC RAT backdoor can inject payloads into notepad.exe and conhost.exe processes and supports various C2 communication protocols, including HTTP, UDP, TCP, and QUIC."
"Attackers attempted to infect most affected machines with an information collector payload, while the more complex backdoor was observed only on a dozen machines in targeted sectors."
"The deployment of the more complex backdoor to a small subset of infected machines indicates the attacker had specific intentions, though their ultimate goals remain unclear."
Kaspersky identified a minimalistic backdoor that can execute commands, download files, and run shellcode payloads in memory, which makes detection harder. A more complex backdoor, QUIC RAT, was found on a machine in a Russian educational institution; it can inject payloads into processes and supports multiple communication protocols. Approximately 100 organizations across several countries were infected, with 10% being businesses. The targeted deployment of the more complex backdoor suggests specific intentions, though the attackers' ultimate goals remain unclear. Recent supply-chain attacks have also affected various software packages, highlighting ongoing security concerns.
Read at Ars Technica