Iranian hackers use new Marlin backdoor in ‘Sail’ espionage campaign

10 February 2022

Spy campaign

An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolkit to include a new backdoor named Marlin as part of a lengthy espionage campaign that began in April 2018.

Slovak cybersecurity firm ESET attributed the attacks – codenamed “Out to Sea” – to a threat actor named OilRig (aka APT34), and linked its activities to a second Iranian group tracked under the name Lyceum (Hexane, aka SiameseKitten).

“Victims of the campaign include diplomatic organisations, technology companies and medical institutions in Israel, Tunisia and the United Arab Emirates,” ESET noted in its T3 2021 Threat Report shared with The Hacker News.

Active since at least 2014, the group is known to target Middle Eastern governments and various business sectors, including chemicals, energy, finance, and telecommunications. In April 2021, the actor targeted a Lebanese entity with an implant called SideTwist, while campaigns previously attributed to Lyceum have singled out IT companies in Israel, Morocco, Tunisia and Saudi Arabia.

The Lyceum infection chains are also notable because they have evolved to drop multiple backdoors since the campaign came to light in 2018 – starting with DanBot and moving to Shark and Milan in 2021 – with attacks detected in August 2021 taking advantage of a new data collection malware called Marlin.

The changes don’t end there. In a significant departure from traditional OilRig TTPs, which involve the use of DNS and HTTPS for command and control (C&C) communication, Marlin uses Microsoft’s OneDrive API for its C2 operations.
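One way to hunt for C2 carried over the OneDrive API, as an added example that does not come from ESET or the original article: list processes outside an expected set that repeatedly contact the OneDrive API hosts. The CSV layout, the allowlist of image names and every sample row are constructed assumptions; `graph.microsoft.com` and `api.onedrive.com` are the public OneDrive API hostnames.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Public hostnames that serve the OneDrive API.
ONEDRIVE_API_HOSTS = {"graph.microsoft.com", "api.onedrive.com"}

# Assumption: image names this environment expects to call the OneDrive API.
# A name-only allowlist is a starting point; pin to path or signer in production.
EXPECTED_IMAGES = {"onedrive.exe", "msedge.exe", "chrome.exe", "outlook.exe"}

# Constructed sample of process-level connection records (not real telemetry).
SAMPLE_LOG = r"""ts,computer,image,dest_host
2022-02-01T08:00:03Z,WS-014,C:\Program Files\Microsoft OneDrive\OneDrive.exe,graph.microsoft.com
2022-02-01T08:00:41Z,WS-022,C:\ProgramData\upd\helper.exe,graph.microsoft.com
2022-02-01T08:05:40Z,WS-022,C:\ProgramData\upd\helper.exe,graph.microsoft.com
2022-02-01T08:06:10Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,api.onedrive.com
2022-02-01T08:10:42Z,WS-022,C:\ProgramData\upd\helper.exe,graph.microsoft.com
2022-02-01T08:11:00Z,WS-022,C:\ProgramData\upd\helper.exe,example.org
2022-02-01T08:12:15Z,WS-031,C:\Tools\sync.exe,api.onedrive.com
"""

def hunt_onedrive_api_callers(log_text, min_hits=3):
    """Return unexpected processes that contacted the OneDrive API at least min_hits times."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dest_host"].strip().lower() not in ONEDRIVE_API_HOSTS:
            continue  # not OneDrive API traffic
        if ntpath.basename(row["image"]).lower() in EXPECTED_IMAGES:
            continue  # expected client for this environment
        hits[(row["computer"], row["image"])].append(row["ts"])

    findings = []
    for (computer, image), stamps in sorted(hits.items()):
        if len(stamps) >= min_hits:  # repeated contact, not a one-off
            findings.append({
                "computer": computer,
                "image": image,
                "count": len(stamps),
                "first_seen": min(stamps),
                "last_seen": max(stamps),
            })
    return findings

if __name__ == "__main__":
    for finding in hunt_onedrive_api_callers(SAMPLE_LOG):
        print(finding)
```

Findings are leads for triage, since legitimate sync tools and scripts also call these hosts.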

ESET, noting that initial access to the network was accomplished using phishing methods as well as remote access and administration software such as ITbrain and TeamViewer, cited the similarities in tools and tactics between OilRig’s and Lyceum’s backdoors as “too many and too specific.”

“Backdoor ToneDeaf primarily communicates with its C&C over HTTP/S but includes a secondary method, DNS tunneling, that does not function properly,” the researchers said. “Shark also has similar symptoms, where its main method of communication uses DNS but has a non-functional HTTP/S secondary option.”

ToneDeaf, which supports system information gathering, file upload and download, and arbitrary shell command execution, is a malware family that the APT34 actor deployed against a wide range of industries operating in the Middle East in July 2019.

The findings also indicate overlapping use of DNS as a C&C communication channel, use of HTTP/S as a secondary communication method, and use of multiple folders in the backdoor’s working directory for uploading and downloading files from the C&C server.
