Summary: A recent analysis by cybersecurity firm NVISO highlights the emergence of Windows variants of the BrickStorm backdoor, which the Chinese APT group UNC5221 used in its breach of MITRE. The group exploited zero-day vulnerabilities in a VPN product and has been targeting European organizations since 2022. The backdoor relies on low-noise techniques to browse and manipulate files and to establish network connections while evading detection.
Affected: MITRE, European Organizations
Key points:
- UNC5221 exploited two zero-day vulnerabilities in Ivanti Connect Secure VPN for the MITRE hack.
- The Windows variants of BrickStorm enable file system browsing, manipulation, and network tunneling.
- Public cloud services are used to obscure the operators' infrastructure, and common DNS platforms are abused to evade monitoring.
- The backdoor is designed to operate with minimal noise, making it effective despite its basic features.
Source: https://www.securityweek.com/mitre-hackers-backdoor-has-targeted-windows-for-years/