Summary: A sophisticated backdoor targeting major Russian organizations, including government and financial institutions, has been discovered. This malware disguises itself as legitimate updates for the ViPNet software suite, posing severe risks to affected entities. Ongoing investigations emphasize the need for organizations to enhance their defenses against these advanced persistent threat (APT) actors.
Affected: Major organizations in Russia, including government bodies and financial institutions
Key points:
- Malware is distributed as fake ViPNet updates, cleverly packaged to appear legitimate.
- Attackers use a process hijacking technique that leverages benign executables to execute malicious payloads.
- The backdoor allows for data exfiltration, deployment of additional malware, and ongoing system access.
- Kaspersky has identified the threat as HEUR:Trojan.Win32.Loader.gen and provided IoCs for detection.
- Organizations are encouraged to implement multi-layered security strategies to defend against such evolving threats.
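The key points above describe an update package that looks legitimate but carries a tampered component and an extra payload. The defensive check a practitioner wants at that point is an integrity gate before installation: compare the unpacked update against a pinned manifest of expected files and digests, and refuse anything modified, missing or unexpected. The block below is an added example written for this summary; it is not code from the article, from Kaspersky, or from the ViPNet vendor. The file names, contents and manifest are constructed inline so it runs offline; a real deployment would obtain the manifest from the vendor over an authenticated channel and verify the vendor's signature on it as well.

```python
"""Offline integrity gate for an unpacked software update directory.

Added example, not from the article or the vendor. It flags files whose
SHA-256 differs from the pinned manifest, files the manifest expects but
that are absent, and files present that the manifest never listed (the
shape of a fake update: a replaced library plus an extra payload).
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


# Constructed "genuine" update contents; hypothetical names, not real ViPNet files.
GENUINE_FILES = {
    "updater.exe": b"MZ-genuine-updater-binary",
    "client.dll": b"MZ-genuine-client-library",
}

# Pinned manifest: file name -> expected SHA-256 (derived from the constructed files).
EXPECTED_MANIFEST = {name: sha256_of(content) for name, content in GENUINE_FILES.items()}


def verify_update_package(package_dir: Path, manifest: dict) -> dict:
    """Compare every file in package_dir against the manifest.

    Returns a findings dict; 'ok' is True only when nothing is mismatched,
    missing or unexpected. Any unlisted file is treated as a finding, since
    a benign-looking executable next to an unexpected library is exactly the
    pattern an installer should refuse.
    """
    present = {p.name: p for p in package_dir.iterdir() if p.is_file()}
    mismatched, missing = [], []
    for name, expected_digest in manifest.items():
        if name not in present:
            missing.append(name)
        elif sha256_of(present[name].read_bytes()) != expected_digest:
            mismatched.append(name)
    unexpected = sorted(set(present) - set(manifest))
    return {
        "ok": not (mismatched or missing or unexpected),
        "mismatched": sorted(mismatched),
        "missing": sorted(missing),
        "unexpected": unexpected,
    }


def build_sample_package(tampered: bool) -> Path:
    """Write a constructed update directory; when tampered, replace one
    library and drop in an extra file, mimicking a fake update package."""
    package_dir = Path(tempfile.mkdtemp(prefix="update_"))
    for name, content in GENUINE_FILES.items():
        (package_dir / name).write_bytes(content)
    if tampered:
        (package_dir / "client.dll").write_bytes(b"MZ-modified-client-library")
        (package_dir / "extra_component.dll").write_bytes(b"MZ-unlisted-binary")
    return package_dir


if __name__ == "__main__":
    for label, tampered in (("genuine", False), ("tampered", True)):
        findings = verify_update_package(build_sample_package(tampered), EXPECTED_MANIFEST)
        print(label, findings)
```

Run as a script, the genuine package reports `ok: True` and the tampered one lists `client.dll` as mismatched and `extra_component.dll` as unexpected. The digest comparison alone is not a substitute for verifying the vendor's code signature on the package; it is the layer that catches a replaced or added file once the manifest itself is trusted.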
Source: https://gbhackers.com/new-malware-disguised-as-networking-software-updates/