this post was submitted on 04 Mar 2025

Key findings

  • Proofpoint researchers identified a highly targeted email-based campaign targeting fewer than five Proofpoint customers in the United Arab Emirates with a distinct interest in aviation and satellite communications organizations, along with critical transportation infrastructure.
  • The malicious messages were sent from a compromised entity in a trusted business relationship with the targets, and used lures customized to every target.
  • This campaign led to the newly discovered backdoor dubbed Sosano by Proofpoint, which leveraged numerous techniques to obfuscate the malware and its payload, likely indicating an adversary with significant development capabilities with an interest in protecting their payloads from easy analysis.
  • The campaign used polyglot files to obfuscate payload content, a technique that is relatively uncommon for espionage-motivated actors in Proofpoint telemetry and speaks to the desire of the operator to remain undetected.
  • Proofpoint tracks this new threat cluster as UNK_CraftyCamel.