![]() If a firmware upgrade is discovered, the script will backup the file, unzip it, mount it, and copy over the entire malware package. On an infected device, a bash script called “geoBotnetd” checks every 10 seconds for a firmware upgrade. The malware’s ultimate goal is to execute a SQL command to obtain the hashed credentials of all logged-in users, which the attacker can then use to crack them offline. A startup script called “rc.local” launches the malware at boot time to allow for extended access. A copy of the “firewalld” file called “iptabled” was also modified to ensure the primary malware’s survival in the event of a crash or termination. The main malware process is a file called “firewalld,” which executes the TinyShell backdoor with parameters that allow it to provide the threat actor with a reverse shell. The malware is made up of several bash scripts and one ELF binary file, which has been identified as a TinyShell backdoor variant. The malware campaign is thought to be a Chinese cyber espionage campaign aimed at stealing user credentials for cyber espionage purposes. Artificial Intelligence (918) Auto Tech (47) Blockchain (173) CanadianCIO (96) Careers & Education (4433) Channel Strategy (35) Cloud (2084) Communications & Telecom (421) Companies (1048) Data & Analytics (1297) Development (736) Digital Transformation (1234) Distribution (126) Diversity & Inclusion (66) Ecommerce (91) Emerging Tech (24218) End User Hardware (50) Engineering (79) Financial (164) FinTech (86) Future of Work (347) Governance (106) Government & Public Sector (6082) Human Resources (861) Infrastructure (8522) IoT (6174) ITWC Morning Briefing (129) Leadership (4288) Legal (162) Legislation (167) Managed Services & Outsourcing (4312) Marketing (61) MarTech (3) Medical (31) Mobility (3429) Not For Profit (23) Open Source (30) Operations (85) People (149) Podcasts (2122) Privacy (641) Project Management (1099) Security (8015) Service (44) Smart Home (18) SMB (59) Social Networks (204) Software (4167) Supply Chain (122) Sustainability (108) Tech in Sports (5) Women in Tech (188)Īccording to a recent Mandiant research document, since 2021, a malware campaign has been targeting unpatched SonicWall SMA edge devices, persisting even after firmware updates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |