- Trend Micro discovers a new backdoor called GhostSpider
- It can leak sensitive data and disrupt the operating system.
- It was used by a Chinese state-sponsored threat actor known as Salt Typhoon.
The infamous Chinese state-sponsored threat actor Salt Typhoon has been seen using a new backdoor malware to attack telecom service providers.
A report from cybersecurity firm Trend Micro analyzed the backdoor, called GhostSpider, noting that it is used in long-term cyberespionage operations and that its key stealth mechanisms include residing exclusively in memory and encrypting its communication with the C2 server.
GhostSpider is capable of doing several things, including loading malicious modules into memory, activating a module by initializing the resources it needs, executing the main loader function (data exfiltration or system manipulation), and closing the module to free memory and stay out of view. Finally, it can adjust its behavior to avoid detection while maintaining regular communication with the C2 server.
Abusing endpoint flaws
The Washington Post noted that US authorities recently notified 150 victims, most of whom were in the D.C. area, that Salt Typhoon was listening to their communications.
In its report, Trend Micro added that in addition to telecommunications, the group is targeting government entities and the technology, consulting, chemicals and transportation sectors in the US, Asia-Pacific, Middle East, South Africa and other regions. To breach systems, Salt Typhoon exploits a series of flaws in different endpoints, including bugs in Ivanti's Connect Secure VPN, Fortinet's FortiClient EMS, Sophos Firewall, and others.
While GhostSpider took all the attention, Salt Typhoon was also seen using other never-before-seen variants, including a Linux backdoor called Masol RAT, a rootkit called Demodex, and a backdoor called SnappyBee.
Salt Typhoon, known as one of the most dangerous threat actors, focuses primarily on data exfiltration and surveillance, often targeting government agencies, political figures, and key industries in the US and allied nations. Some of its notable victims include major US telecommunications providers such as T-Mobile, AT&T, Verizon, and Lumen Technologies.
Via BleepingComputer