The advanced persistent threat (APT) actor known as Budworm has been spotted targeting a US-based entity for the first time in more than six years, alongside other international targets.

The news comes from Symantec security researchers, who shared an advisory about the attacks with Infosecurity before publication.

According to the new data, Budworm executed attacks over the past six months against several strategically significant targets, including a Middle Eastern country’s government, a multinational electronics manufacturer, a hospital in South East Asia and a US state legislature.

“While there were frequent reports of Budworm targeting US organizations six to eight years ago, in more recent years, the group’s activity appears to have been largely focused on Asia, the Middle East, and Europe,” reads the advisory.

In the latest attacks, Budworm leveraged the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105) to compromise the Apache Tomcat service on servers to install web shells.

The attackers reportedly used Virtual Private Servers (VPS) hosted on Vultr and Telstra as command and control (C&C) servers.

Symantec also explained that Budworm continued to rely on the HyperBro malware family as its primary payload, which is often delivered using a dynamic-link library (DLL) side-loading technique.

“In recent attacks, Budworm has used the endpoint privilege management software CyberArk Viewfinity to perform side-loading,” the security researchers wrote in the advisory.

“The binary, which has the default name vf_host.exe, is usually renamed by the attackers in order to masquerade as a more innocuous file.”

In some cases, however, the HyperBro backdoor was loaded with its own HyperBro loader, also designed to load malicious DLLs and encrypt payloads.

“This is the second time in recent months, Budworm has been linked to attacks against a US-based target,” Symantec wrote, warning companies against the APT’s potential change of tactics. “A recent CISA report on multiple APT groups attacking a defense sector organization mentioned Budworm’s toolset.”
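A defender can hunt for the renamed side-loading host described in the advisory by comparing a process's on-disk name with the name recorded in its PE version resource. The sketch below is an added example, not code from Symantec or the article; the events are constructed in the shape of Sysmon ProcessCreate (ID 1) and ImageLoad (ID 7) records, all paths and DLL names are placeholders, and it assumes the binary's `OriginalFileName` field carries the default name `vf_host.exe`.

```python
import ntpath  # Windows path handling that works on any analysis host

# Default name of the CyberArk Viewfinity binary, as quoted in the advisory.
KNOWN_NAME = "vf_host.exe"

# Constructed sample events (not real telemetry); paths and DLL names are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "A1", "OriginalFileName": "vf_host.exe",
     "Image": r"C:\Program Files\Viewfinity\vf_host.exe"},
    {"EventID": 1, "ProcessGuid": "B2", "OriginalFileName": "vf_host.exe",
     "Image": r"C:\ProgramData\upd\helper.exe"},
    {"EventID": 7, "ProcessGuid": "B2", "Signed": "false",
     "ImageLoaded": r"C:\ProgramData\upd\example.dll"},
    {"EventID": 7, "ProcessGuid": "B2", "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 7, "ProcessGuid": "A1", "Signed": "true",
     "ImageLoaded": r"C:\Program Files\Viewfinity\example.dll"},
]

def find_renamed_hosts(events):
    """Map ProcessGuid -> Image for processes whose version resource says
    vf_host.exe but whose file name on disk is something else."""
    hits = {}
    for e in events:
        if e["EventID"] != 1:
            continue
        original = e.get("OriginalFileName", "").lower()
        on_disk = ntpath.basename(e["Image"]).lower()
        if original == KNOWN_NAME and on_disk != KNOWN_NAME:
            hits[e["ProcessGuid"]] = e["Image"]
    return hits

def find_sideload_candidates(events):
    """Return (host image, DLL) pairs where a renamed host loaded an
    unsigned DLL from its own directory, the usual side-loading layout."""
    renamed = find_renamed_hosts(events)
    pairs = []
    for e in events:
        host = renamed.get(e.get("ProcessGuid"))
        if e["EventID"] != 7 or host is None:
            continue
        same_dir = (ntpath.dirname(e["ImageLoaded"]).lower()
                    == ntpath.dirname(host).lower())
        if same_dir and e.get("Signed", "false").lower() != "true":
            pairs.append((host, e["ImageLoaded"]))
    return pairs

if __name__ == "__main__":
    for host, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"renamed {KNOWN_NAME} at {host} loaded unsigned {dll}")
```

A legitimately installed copy running under its default name is not flagged, so the check keys on the rename rather than on the presence of the product.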