Hackers Deploy New Malware Disguised as Networking Software Updates

Summary: A sophisticated backdoor targeting major Russian organizations, including government and financial institutions, has been discovered. This malware disguises itself as legitimate updates for the ViPNet software suite, posing severe risks to affected entities. Ongoing investigations emphasize the need for organizations to enhance their defenses against these advanced persistent threat (APT) actors.

Affected: Major organizations in Russia, including government bodies and financial institutions

Key points:

  • Malware is distributed as fake ViPNet updates, cleverly packaged to appear legitimate.
  • Attackers use a process hijacking technique that leverages benign executables to execute malicious payloads.
  • The backdoor allows for data exfiltration, deployment of additional malware, and ongoing system access.
  • Kaspersky has identified the threat as HEUR:Trojan.Win32.Loader.gen and provided IoCs for detection.
  • Organizations are encouraged to implement multi-layered security strategies to defend against such evolving threats.

Source: https://gbhackers.com/new-malware-disguised-as-networking-software-updates/