Backdoors are complicated for system administrators to deal with. To make it worse, threat actors are continuously honing their attack skills to conduct reconnaissance and install backdoors that can further lead to more destruction.
A deluge of backdoors observed recently
The trend of launching backdoor attacks is witnessing a rise as APT groups unleash several new and old backdoor malware. Some of the prominent backdoor attacks noted in June include:
The new AppleSeed backdoor malware was used by the Kimsuky APT to target the South Korean Ministry of Foreign Affairs. The interesting aspect is that the backdoor went undetected for over three years, giving its operators a significant opportunity and time to target many departments within the ministry.
The Myanmar President’s office was attacked by a backdoor that was planted by a hacking group named Mustang Panda or RedEcho. The loader was delivered in a spear-phishing campaign.
A surveillance operation launched by a new Victory backdoor against a Southeast Asian government. The attack was the work of the SharpPanda APT group.
A targeted attack on foreign ministries in Africa was conducted using a new customized backdoor malware named Turian. The malware, which is derived from Quarian, is associated with the new BackdoorDiplomacy APT group.
All of these aforementioned backdoors were launched via phishing emails in one form or another.
According to recent research by ProofPoint, spoofed emails with malicious attachments or links are commonly used channels to distribute backdoors in the initial stage payload.
A new challenge for security analysts
A never-seen-before backdoor dubbed Siloscape has become the first malware to target Windows containers.
Given the heavy obfuscation techniques used by the malware, it is challenging for security analysts to reverse its binary.
Siloscape’s main purpose is to open a backdoor into poorly configured Kubernetes clusters to run malicious containers.
The bottom line
Backdoors can give attackers the keys to the kingdom. They are arguably the most dangerous malware as they can go unnoticed for long periods of time. When combined with the condition of unpatched vulnerabilities found across devices and ever-evolving evasion techniques, it becomes easier for these backdoor to gain initial access to networks. And, this will ultimately cost consumers and developers if the right security measures are not in place.