Source |
SecurityWeek |
Identifier |
511124 |
Publication date |
2018-03-13 17:58:05 (viewed: 2018-03-13 17:58:05) |
Title |
"OceanLotus" Spies Use New Backdoor in Recent Attacks |
Text |
OceanLotus, a cyber-espionage group believed to be operating out of Vietnam, has been using a new backdoor in recently observed attacks while continuing to rely on previously established tactics, ESET reveals.
Also known as APT32 and APT-C-00, the advanced persistent threat (APT) has been targeting high-profile corporate and government organizations in Southeast Asia, particularly in Vietnam, the Philippines, Laos, and Cambodia. The group is well-resourced and determined, and is known to use custom-built malware in combination with techniques long known to be successful.
One of the latest malware families used by the group is a fully-fledged backdoor that provides operators with remote access to compromised machines, along with the ability to manipulate files, registries, and processes, as well as the option to load additional components if needed.
For distribution purposes, OceanLotus uses a two-stage attack that employs a dropper to gain an initial foothold on the targeted system and set the stage for the backdoor, ESET explains in a new report ( |
Notes |
|
Sent |
Yes |
Digest |
attacks backdoor new oceanlotus recent spies use |
Tags |
|
Stories |
APT 32
|
Move |
|