New SideWalk Backdoor Targets U.S.-based Computer Retail Business – The Hacker News


A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia.

Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin, an adversary believed to be connected to the Winnti umbrella group, noting its similarities to another backdoor dubbed Crosswalk that was put to use by the same threat actor in 2019.


“SideWalk is a modular backdoor that can dynamically load additional modules sent from its C&C [command-and-control] server, makes use of Google Docs as a dead drop resolver, and Cloudflare workers as a C&C server,” ESET researchers Thibaut Passilly and Mathieu Tartare said in a report published Tuesday. “It can also properly handle communication behind a proxy.”

Since first emerging on the threat landscape in 2019, SparklingGoblin has been linked to several attacks aimed at Hong Kong universities using backdoors such as Spyder and ShadowPad, the latter of which has become a preferred tool of multiple Chinese threat clusters in recent years.


Over the past year, the collective has hit a broad range of organizations and verticals around the world, with a particular focus on the academic institutions located in Bahrain, Canada, Georgia, India, Macao, Singapore, South Korea, Taiwan, and the U.S. Other targeted entities include media companies, religious organizations, e-commerce platforms, computer and electronics manufacturers, and local governments.

SideWalk is characterized as an encrypted shellcode, which is deployed via a .NET loader that takes care of “reading the encrypted shellcode from disk, decrypting it and injecting it into a legitimate process using the process hollowing technique.” The next phase of the infection commences with SideWalk establishing communications with the C&C server, with the malware retrieving the encrypted IP address from a Google Docs document.


“The decrypted IP address is 80.85.155[.]80. That C&C server uses a self-signed certificate for the facebookint[.]com domain. This domain has been attributed to BARIUM by Microsoft, which partially overlaps with what we define as Winnti Group. As this IP address is not the first one to be used by the malware, it is considered to be the fallback one,” the researchers said.

Besides using HTTPS protocol for C&C communications, SideWalk is designed to load arbitrary plugins sent from the server, amass information about running processes, and exfiltrate the results back to the remote server.
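The C&C pattern described above (a fetch from a Google Docs dead drop resolver, followed by HTTPS to a bare IP presenting a self-signed certificate) lends itself to a simple correlation rule. The following is an added illustration written for this page, not ESET's detection logic: the log records are constructed, the host names are hypothetical, and only the fallback IP and the certificate domain are taken from the article.

```python
"""Correlate dead-drop lookups with follow-on self-signed TLS to a bare IP.
Log lines are constructed for this example; 80.85.155.80 and the
facebookint.com certificate subject are the indicators quoted in the article."""
import ipaddress
from collections import defaultdict

# Constructed TLS log: (epoch seconds, source host, destination, SNI or
# certificate subject, certificate self-signed?)
SAMPLE_LOG = [
    (1000, "ws-17", "docs.google.com", "docs.google.com", False),
    (1012, "ws-17", "80.85.155.80", "facebookint.com", True),   # C&C fallback
    (1000, "ws-22", "docs.google.com", "docs.google.com", False),
    (1900, "ws-22", "203.0.113.9", "", True),                    # too late: outside window
    (2000, "ws-31", "80.85.155.80", "facebookint.com", True),   # no dead-drop fetch seen
]

DEAD_DROP_HOSTS = {"docs.google.com"}   # dead drop resolver named in the report
WINDOW_SECONDS = 300                    # hypothetical correlation window

def is_bare_ip(dest):
    """True when the destination is a literal IP rather than a host name."""
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False

def find_dead_drop_sequences(log, window=WINDOW_SECONDS):
    """Return (host, c2_dest, cert_subject) for every source host that contacted
    a dead-drop service and, within `window` seconds, opened TLS to a bare IP
    with a self-signed certificate. Either event alone is not flagged, which
    keeps ordinary Google Docs traffic out of the result."""
    by_host = defaultdict(list)
    for ts, host, dest, sni, self_signed in log:
        by_host[host].append((ts, dest, sni, self_signed))
    hits = []
    for host, events in by_host.items():
        events.sort()
        dead_drop_times = [ts for ts, dest, _, _ in events if dest in DEAD_DROP_HOSTS]
        for ts, dest, sni, self_signed in events:
            if not (is_bare_ip(dest) and self_signed):
                continue
            if any(0 <= ts - t0 <= window for t0 in dead_drop_times):
                hits.append((host, dest, sni))
    return hits

if __name__ == "__main__":
    for host, dest, sni in find_dead_drop_sequences(SAMPLE_LOG):
        print(f"{host}: dead-drop fetch followed by self-signed TLS to {dest} (cert {sni})")
```

Widening the window trades false negatives for false positives; ws-22 above is flagged only once the window reaches its 900-second gap.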

“SideWalk is a previously undocumented backdoor used by the SparklingGoblin APT group. It was most likely produced by the same developers as those behind CROSSWALK, with which it shares many design structures and implementation details,” the researchers concluded.

Source of this news: https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html
