Saturday, October 24, 2020

APT15 Hackers Using Steganography Technique to Drop Okrum Backdoor

Researchers discovered a previously unseen malware called Okrum, distributed by the APT15 threat group and hidden inside a PNG file using a steganography technique to evade detection.

The APT15 threat group, also known as Ke3chang, has a long history of malicious activity going back to 2010, and it was first reported in 2013 during a campaign attacking organizations in Europe.

The Okrum backdoor was first detected in December 2016; it targets various countries such as Slovakia, Belgium, Chile, Guatemala and Brazil and is believed to be operated out of China.

The APT group remained active in 2019, attacking the same type of targets but using different malicious toolsets to compromise them.

Okrum has a similar modus operandi to the previously documented Ke3chang (APT15) malware families, with a basic set of backdoor commands.

Okrum Distribution and infection vector By APT15

Threat actors from APT15 hid the Okrum payload within a PNG file and infected victims' machines using this steganography technique to stay unnoticed and evade detection.
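The article says the payload travelled inside a PNG file but does not describe how it was embedded, so the following added example (not ESET's code and not from the page) shows the generic structural checks a defender can run on image files in an investigation: parse the PNG chunk list, verify each chunk's CRC, flag chunk types that are not in the PNG specification, and flag any bytes appended after the IEND chunk. It assumes nothing about Okrum's actual carrier; the 1x1 sample image, the private "prVt" chunk and the trailing bytes are all constructed inline for the demonstration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types named in the PNG specification; anything else deserves a look.
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME",
}


def make_chunk(ctype, body):
    """Encode one PNG chunk: 4-byte big-endian length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_png_chunks(data):
    """Walk the chunk list. Returns (chunks, trailing) where trailing is
    whatever follows the IEND chunk (a well-formed PNG has none)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("bad PNG signature")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk %r at offset %d" % (ctype, pos))
        body = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:end])[0]
        chunks.append({
            "type": ctype,
            "length": length,
            "offset": pos,
            "crc_ok": (zlib.crc32(ctype + body) & 0xFFFFFFFF) == stored_crc,
        })
        pos = end
        if ctype == b"IEND":
            break
    return chunks, data[pos:]


def png_anomalies(data):
    """Return human-readable findings that make a PNG worth closer inspection."""
    chunks, trailing = parse_png_chunks(data)
    findings = []
    if not chunks or chunks[-1]["type"] != b"IEND":
        findings.append("no IEND chunk")
    if trailing:
        findings.append("%d bytes after IEND" % len(trailing))
    for c in chunks:
        name = c["type"].decode("latin-1")
        if not c["crc_ok"]:
            findings.append("bad CRC on %s at offset %d" % (name, c["offset"]))
        if c["type"] not in KNOWN_CHUNKS:
            findings.append("non-standard chunk %s (%d bytes) at offset %d"
                            % (name, c["length"], c["offset"]))
    return findings


def build_sample_png(extra_chunks=(), trailing=b""):
    """Constructed 1x1 grayscale PNG for testing; not a real captured sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit grayscale
    idat = zlib.compress(b"\x00\x00")                      # filter byte + one pixel
    png = PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
    for ctype, body in extra_chunks:
        png += make_chunk(ctype, body)
    png += make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
    return png + trailing


CLEAN_PNG = build_sample_png()
# Constructed suspicious file: a private ancillary chunk carrying opaque bytes
# plus data appended after IEND, both invisible to an ordinary image viewer.
SUSPECT_PNG = build_sample_png(
    extra_chunks=[(b"prVt", b"\x90" * 64)],
    trailing=b"X" * 32,
)

if __name__ == "__main__":
    print("clean:", png_anomalies(CLEAN_PNG))
    print("suspect:", png_anomalies(SUSPECT_PNG))
```

These checks catch structural hiding places (extra chunks, appended data, corrupted chunks) and are cheap enough to run over every image pulled from a mail gateway or proxy log. They do not detect data hidden in the pixel values themselves, which leaves the chunk structure perfectly valid; that case needs statistical analysis of the decoded image, so treat an empty findings list as "nothing obvious", not as clean.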

The attackers also tried to hide the malicious traffic to their C&C server within normal traffic by registering legitimate domain names.

The Okrum backdoor is installed and loaded by two different components, which the malware authors change frequently to avoid detection.

According to ESET research, “Okrum is only equipped with basic backdoor commands, such as downloading and uploading files, executing files and shell commands. Most of the malicious activity has to be performed by typing shell commands manually, or by executing other tools and software.”

“Researchers believe that the combination of simple backdoor and external tools fully accommodates their needs while being easier to develop, but it may also be an attempt to evade behavioral detection.”

Along with this, researchers discovered external tools such as a keylogger, tools for dumping passwords, and tools for enumerating network sessions.

Based on telemetry data, the threat actors employed various anti-emulation and anti-sandbox techniques to avoid detection, and the campaign mainly targeted Slovakia, Belgium, Chile, Guatemala, and Brazil.