fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cyberspies Target Military Organizations With New Nebulae Backdoor

Cyberspies Target Military Organizations With New Nebulae Backdoor

A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia.

For at least a decade, the hacking group known as Naikon has actively spied on organizations in countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand, for at least a decade, since 2010.

Naikon is likely a state-sponsored threat actor tied to China, mostly known for focusing its efforts on high-profile orgs, including government entities and military orgs.

Backdoor used for persistence backup after detection

During their attacks, Naikon abused legitimate software to side-load the second-stage malware dubbed Nebulae likely used to achieve persistence, according to research published today by security researchers at Bitdefender’s Cyber Threat Intelligence Lab.

Nebulae provides additional capabilities allowing attackers to collect system information, manipulate files and folders, download files from the command-and-control server, and execute, list, or terminate processes on compromised devices.

The malware is also designed to gain persistence by adding a new registry key to relaunch automatically on system restarts after login.

“The data we obtained so far tell almost nothing about the role of the Nebulae in this operation, but the presence of a persistence mechanism could mean that it is used as backup access point to victim in the case of a negative scenario for actors,” Bitdefender researcher Victor Vrabie said.

Nebulae side-loading (Bitdefender)

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

First-stage backdoor used as a swiss-army knife

In the same series of attacks, the Naikon threat actors also delivered first-stage malware known as RainyDay or FoundCore used to deploy second-stage payloads and tools used for various purposes, including the Nebulae backdoor.

“Using the RainyDay backdoor, the actors performed reconnaissance, uploaded its reverse proxy tools and scanners, executed the password dump tools, performed lateral movement, achieved persistence, all to compromise the victims’ network and to get to the information of interest,” Vrabie added [PDF].

Besides deploying additional payloads on compromised systems, attackers can also send RainyDay commands over TCP or HTTP to manipulate services, access a command shell, uninstall the malware, taking and collecting screen captures, and manipulate, download, or upload files.

RainyDay backdoor (Bitdefender)

During attacks observed between June 2019 and March 2021, Naikon dropped malicious payloads using side-loading and DLL hijacking vulnerabilities impacting:

  • Sandboxie COM Services (BITS) (SANDBOXIE L.T.D)
  • Outlook Item Finder (Microsoft Corporation)
  • VirusScan On-Demand Scan Task Properties (McAfee, Inc.)
  • Mobile Popup Application (Quick Heal Technologies (P) Ltd.)
  • ARO 2012 Tutorial

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Bitdefender confidently attributed this operation to the Naikon threat actor based on command-and-control servers and malicious payloads belonging to the Aria-Body loader malware family used in the group’s past operations.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us