Cybersecurity Alert: HTTPSnoop Malware Infiltrates Telecom Giants

 

Cyberattacks against telecommunication service providers in the Middle East have used new malware called HTTPSnoop and PipeSnoop, which allow cybercriminals to remotely control infected devices.
Cisco Talos has also found a companion implant to HTTPSnoop, known as PipeSnoop, which is capable of accepting shellcode from a named pipe and executing it on the infected endpoint by sending it to an open socket. Cisco Talos has deemed it highly likely that the two implants belong to a new intrusion set called ‘ShroudedSnooper’.
According to a report by Cisco Talos, the two implants belong to the same intrusion set named ‘ShroudedSnooper’ but serve different operational goals in terms of the level of infiltration.

“The backdoor HTTPSnoop is a simple, yet effective backdoor built into the Windows operating system by using a novel technique that interfaces with the HTTP kernel drivers and devices to listen to incoming HTTP(S) requests and execute the content on an infected machine.”

According to Cisco Talos in a report shared with The Hacker News, HTTPSnoop is a simple but effective backdoor.

A sister implant, codenamed PipeSnoop, is also part of the threat actor’s arsenal, as this implant is capable of accepting arbitrary shellc

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
