New SideWalk Backdoor Targeting U.S. Computer Retailers
Recent attacks revealed a new, improved backdoor that closely resembles SparklingGoblin's Crosswalk malware
Aug 26, 2021 11:31 GMT  ·  By George Dascalu  ·     

Chinese advanced persistent threat (APT) groups have resumed their intrusion activity, with one of the attacks targeting a U.S. computer retailer using a previously undocumented backdoor dubbed SideWalk, according to The Hacker News.

In a report, ESET researchers Mathieu Tartare and Thibaut Passilly describe the new backdoor as modular, capable of dynamically loading additional modules sent from its command and control (C&C) servers. The malware also uses Cloudflare Workers as C&C servers and Google Docs as a dead drop resolver, i.e. a public page from which it retrieves the encrypted address of its real C&C server.

The researchers describe SideWalk's first stage as "responsible for reading the encrypted shellcode from disk, decrypting it and injecting it into a legitimate process using the process hollowing technique." [...] "The decrypted IP address is 80.85.155[.]80. That C&C server uses a self-signed certificate for the facebookint[.]com domain," the ESET researchers add.
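Two of the traits quoted above are observable on the wire: the C&C server presents a self-signed certificate, and the certificate name and IP are published indicators. The following detection pass is an added example written for this page, not ESET's or the article's code. It assumes a Zeek ssl.log-like tab-separated layout (the field order is an assumption for this example), runs over constructed sample sessions embedded inline, and adds one heuristic the text does not mention (a TLS session with no SNI) alongside the self-signed check and the two indicators from the text.

```python
"""Flag TLS sessions with the SideWalk C&C traits described in the text:
a self-signed server certificate, a certificate name or responder IP that
matches the published indicators, and (added heuristic) no SNI sent.
Added example, not ESET's or the article's code; the log layout below is an
assumed Zeek ssl.log-style TSV."""

from dataclasses import dataclass
from typing import Dict, List

# Indicators quoted in the article, with the defanging "[.]" removed for matching.
IOC_IPS = {"80.85.155.80"}
IOC_CERT_NAMES = {"facebookint.com"}

# Constructed sample data. Assumed field order:
# ts, id.orig_h, id.resp_h, id.resp_p, server_name (SNI), subject, issuer
SAMPLE_SSL_LOG = (
    "1629960000.1\t10.0.0.5\t142.250.74.46\t443\tdocs.google.com\t"
    "CN=*.google.com,O=Google LLC\tCN=GTS CA 1C3,O=Google Trust Services LLC\n"
    "1629960001.2\t10.0.0.5\t80.85.155.80\t443\t-\t"
    "CN=facebookint.com\tCN=facebookint.com\n"
    "1629960002.3\t10.0.0.7\t104.21.55.10\t443\texample.workers.dev\t"
    "CN=workers.dev,O=Cloudflare Inc\tCN=Cloudflare Inc ECC CA-3,O=Cloudflare Inc\n"
    "1629960003.4\t10.0.0.9\t192.0.2.10\t443\t-\t"
    "CN=internal.lab\tCN=internal.lab\n"
)


@dataclass
class TlsSession:
    ts: str
    orig_h: str
    resp_h: str
    resp_p: int
    server_name: str  # "-" when the client sent no SNI
    subject: str
    issuer: str


def parse_ssl_log(text: str) -> List[TlsSession]:
    """Parse the TSV layout above, skipping blank and '#' comment lines."""
    sessions = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) != 7:
            raise ValueError(f"unexpected field count: {line!r}")
        sessions.append(TlsSession(f[0], f[1], f[2], int(f[3]), f[4], f[5], f[6]))
    return sessions


def cert_common_name(dn: str) -> str:
    """Return the lower-cased CN attribute of an RFC 4514-style DN, or '' if absent."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value.strip().lower()
    return ""


def is_self_signed(s: TlsSession) -> bool:
    """A self-signed leaf certificate carries identical subject and issuer DNs."""
    return s.subject == s.issuer


def reasons_for(s: TlsSession) -> List[str]:
    """Collect every detection reason that fires for one session, sorted."""
    hits = []
    if is_self_signed(s):
        hits.append("self_signed_cert")
    if s.resp_h in IOC_IPS:
        hits.append("ioc_ip")
    if cert_common_name(s.subject) in IOC_CERT_NAMES:
        hits.append("ioc_cert_name")
    if s.server_name == "-":
        hits.append("missing_sni")  # heuristic added here, not from the text
    return sorted(hits)


def find_suspicious(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged responder IP to the sorted union of reasons seen for it.
    Sessions with no hits are omitted entirely."""
    flagged: Dict[str, List[str]] = {}
    for s in parse_ssl_log(log_text):
        reasons = reasons_for(s)
        if not reasons:
            continue
        merged = set(flagged.get(s.resp_h, [])) | set(reasons)
        flagged[s.resp_h] = sorted(merged)
    return flagged


if __name__ == "__main__":
    for ip, why in find_suspicious(SAMPLE_SSL_LOG).items():
        print(ip, ",".join(why))
```

On the sample, only the indicator-matching server and the internal self-signed host are flagged; the Google and Cloudflare Workers sessions pass, which is the point: a self-signed certificate plus missing SNI is a useful triage signal, but by itself it also catches internal test hosts, so the indicator matches are what raise a hit from "review" to "block".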
Chinese APT groups began attacking targets all over the world

SparklingGoblin, as ESET named the group, was previously known to target organizations in Southeast and East Asia. It has been linked to a number of attacks on universities in Hong Kong, where it used backdoors such as Spyder and ShadowPad to infiltrate the networks. ShadowPad has become a favored tool among many Chinese threat groups in recent years. Because SideWalk shares code and design similarities with Crosswalk, another backdoor the same group used in 2019, ESET links SparklingGoblin to the Winnti umbrella group.

The group has compromised a large number of academic institutions around the world, with most of the victims located in the United States, South Korea, Taiwan, Macau, Singapore, Bahrain, Georgia, India and Canada. In addition, its campaigns have targeted local governments, electronics and computer manufacturers, e-commerce websites, religious organizations, and media companies.
