New SideWalk Backdoor Targeting U.S. Computer Retailers
Recent cyberattacks revealed a new improved backdoor comparable to SparklingGoblin's Crosswalk malware
Aug 26, 2021 11:31 GMT · By George Dascalu

Chinese advanced persistent threat (APT) groups have resumed their hacking activities; one of the attacks targeted an American computer retailer using a previously unknown backdoor referred to as SideWalk, according to The Hacker News.

In a report, ESET cybersecurity researchers Mathieu Tartare and Thibaut Passilly describe the new backdoor as modular: it can dynamically load additional modules sent from its command-and-control (C&C) servers. The malware is also designed to use Cloudflare Workers as C&C servers and Google Docs as a dead-drop resolver.

Security researchers describe SideWalk as "responsible for reading the encrypted shellcode from disk, decrypting it and injecting it into a legitimate process using the process hollowing technique." [...] "The decrypted IP address is 80.85.155[.]80. That C&C server uses a self-signed certificate for the facebookint[.]com domain," according to security experts.
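The two indicators quoted above (the C&C IP address and the domain on its self-signed certificate) are the kind of values a defender would sweep DNS and proxy logs for. The following is an added example, not code from the article or from ESET's report: a small Python scanner that refangs the indicators as printed on the page and matches them against log lines. The log lines, hostnames and timestamps are constructed for the example; the indicator values come from the page.

```python
import ipaddress
import re
from typing import Dict, List

# The two indicators quoted from the ESET report on this page, kept in their
# defanged form so the list cannot be resolved or clicked by accident.
DEFANGED_IOCS = ["80.85.155[.]80", "facebookint[.]com"]

# Constructed sample log lines (not real telemetry): DNS resolver and web proxy
# records with invented hostnames and timestamps.
SAMPLE_LOGS = [
    "2021-08-20T10:01:02Z dns host=ws-042 qname=facebookint.com qtype=A",
    "2021-08-20T10:01:03Z proxy host=ws-042 CONNECT 80.85.155.80:443 sni=FACEBOOKINT.COM",
    "2021-08-20T10:02:10Z dns host=ws-017 qname=www.facebook.com qtype=A",
    "2021-08-20T10:03:44Z proxy host=ws-009 CONNECT 180.85.155.80:443 sni=example.org",
    "2021-08-20T10:04:00Z dns host=ws-042 qname=notfacebookint.com qtype=A",
]


def refang(value: str) -> str:
    """Convert the defanged notation used in reports ('[.]', 'hxxp://') back to a matchable string."""
    return value.replace("[.]", ".").replace("hxxp://", "http://")


def classify(ioc: str) -> str:
    """Return 'ip' for an IPv4/IPv6 literal, otherwise 'domain'."""
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        return "domain"


def build_matchers(defanged: List[str]) -> Dict[str, re.Pattern]:
    """Compile one bounded regex per indicator.

    IPs are bounded on both sides so 80.85.155.80 does not fire on
    180.85.155.80 or 80.85.155.800. Domains also match subdomains
    (cdn.facebookint.com) but not embedded substrings (notfacebookint.com),
    and are compared case-insensitively because DNS names and TLS SNI are.
    """
    matchers: Dict[str, re.Pattern] = {}
    for raw in defanged:
        clean = refang(raw)
        if classify(clean) == "ip":
            pattern = r"(?<![\d.])" + re.escape(clean) + r"(?![\d.])"
        else:
            pattern = r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(clean) + r"(?![\w-])"
        matchers[clean] = re.compile(pattern, re.IGNORECASE)
    return matchers


def scan_logs(lines: List[str], defanged: List[str] = DEFANGED_IOCS) -> List[dict]:
    """Return one hit per (line, indicator) pair, with the 1-based line number."""
    matchers = build_matchers(defanged)
    hits = []
    for lineno, line in enumerate(lines, 1):
        for ioc, rx in matchers.items():
            if rx.search(line):
                hits.append({"line": lineno, "ioc": ioc, "kind": classify(ioc), "text": line})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['kind']} {hit['ioc']} in: {hit['text']}")
```

Run against the constructed lines, the scanner flags the DNS query and the proxy CONNECT from ws-042 (the proxy line hits on both the IP and the SNI) and ignores the look-alike 180.85.155.80 and notfacebookint.com entries. A hit on the certificate domain in TLS SNI or on the IP in proxy logs is worth pivoting on in the surrounding process and network telemetry for the host involved.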
Chinese APT groups began attacking targets all over the world

SparklingGoblin, as ESET named the group, was previously known to target organizations in Southeast and East Asia. The APT group has been linked to a number of attacks on Hong Kong College, using backdoors such as Spyder and ShadowPad to infiltrate the network; ShadowPad has emerged as a preferred choice among many Chinese cybercrime organizations in recent years. Because SideWalk shares similarities with another backdoor named Crosswalk, used by the same group in 2019, the cybercriminal gang is assumed to be related to the Winnti Umbrella group.

The malware has been able to infiltrate a large number of academic institutions around the world, with most of the victims located in the United States, South Korea, Taiwan, Macau, Singapore, Bahrain, Georgia, India and Canada. In addition, the group targeted local governments, electronics and computer manufacturers, e-commerce websites, religious organizations, and media companies in its hacking campaigns.
