‘Witchetty’ Group Targeted Middle Eastern Gov, Stock Exchange of African Nation

 

A cyber-espionage group is targeting the governments of several Middle Eastern countries and has previously attacked an African country’s stock exchange, using malware to steal massive amounts of data.
The Symantec Threat Hunter Team named the espionage group “Witchetty” in a report published Thursday, but it has also been known as “LookingFrog.” Witchetty attacks are distinguished by the use of two pieces of malware: X4 and a second-stage payload known as LookBack. 
“From what we can see, their end goal is classic espionage, finding computers on the network, stealing data and exfiltrating it out of the organization,” said Dick O’Brien, a member of the Symantec Threat Hunter Team.
In recent months, the group has been updating its tools to use steganography, a technique in which hackers hide malicious code within an image. In Witchetty’s case, the malware is disguised as a Microsoft Windows logo.
Symantec tracked the group’s attacks from February to September, noting that the attackers used ProxyShell (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) and ProxyLogon (CVE-2021-26855 and CVE-2021-27065) vulnerabilities to obtain access in three incidents.
According to several national cybersecurity agencies, ProxyShell and ProxyLogon are among the most co

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
