According to a report by Cisco’s Talos security researchers, a covert cyberespionage campaign that went unnoticed for two years targeted a non-profit organization in Saudi Arabia.
The campaign's defining features are modified open-source reverse proxies (Fast Reverse Proxy, sSocks, and Venom), the misuse of trusted tools for malware delivery, persistence, and command-and-control (C&C) setup, and a custom backdoor named Zardoor.
Talos notes that the use of reverse proxy tools resembles the tactics, techniques, and procedures (TTPs) of several Chinese threat actors, but there is insufficient data to attribute the activity to a known Chinese group.
Read More: Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years