Brand-New Backdoor Developed with Help from Leaked CIA's Hive Malware Found in the Wild

Writer: Michael Paulyn

Recently, unknown cybercriminals have been deploying a new backdoor. The malware is built on CIA Hive, a multi-platform malware suite whose source code was leaked in November 2017.

Alex Turing and Hui Wang of Qihoo 360 Netlab shared in a technical report that "this is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33."


The attack kit, xdr33, covertly exploits unspecified N-day vulnerabilities in F5 appliances. It then communicates with its command-and-control (C2) server over SSL, using fake Kaspersky certificates to disguise the traffic.

Essentially, the goal is to gather as much sensitive information as possible and to act as a springboard for future breaches; to that end, the new backdoor adds C2 instructions and capabilities beyond the original Hive code.
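The two certificate traits mentioned above (a bot-side certificate with CN=xdr33 and a C2 channel fronted by fake Kaspersky certificates) are what a defender can actually hunt for. The following is an added example, not code from the Netlab report: it scores certificates in the dictionary layout Python's `ssl.getpeercert()` returns, and the heuristic that a self-signed certificate claiming a security vendor is suspicious is this example's assumption, not a detail from the report. The sample certificates are constructed.

```python
# Indicators named in the report: the bot-side certificate CN=xdr33 and
# forged Kaspersky certificates on the C2 channel. The threshold logic
# (self-signed + vendor branding) is an assumption for this example.
KNOWN_BAD_CN = {"xdr33"}
SPOOFED_BRANDS = ("kaspersky",)


def _rdn_to_dict(rdn_seq):
    """Flatten the nested RDN tuples that ssl.getpeercert() returns into a dict."""
    out = {}
    for rdn in rdn_seq:
        for key, value in rdn:
            out[key] = value
    return out


def flag_certificate(cert):
    """Return the reasons a getpeercert()-style dict looks suspicious (empty if none)."""
    subject = _rdn_to_dict(cert.get("subject", ()))
    issuer = _rdn_to_dict(cert.get("issuer", ()))
    reasons = []
    cn = subject.get("commonName", "")
    if cn in KNOWN_BAD_CN:
        reasons.append(f"subject CN matches known bot-side certificate: {cn}")
    issuer_text = " ".join(str(v) for v in issuer.values()).lower()
    claims_vendor = any(brand in issuer_text for brand in SPOOFED_BRANDS)
    self_signed = subject == issuer  # no real CA in the chain
    if claims_vendor and self_signed:
        reasons.append("self-signed certificate impersonating a security vendor")
    return reasons


# Constructed samples in ssl.getpeercert() layout; none are real captures.
FAKE_C2_CERT = {
    "subject": ((("countryName", "RU"),), (("organizationName", "Kaspersky Lab"),),
                (("commonName", "Kaspersky Lab"),)),
    "issuer": ((("countryName", "RU"),), (("organizationName", "Kaspersky Lab"),),
               (("commonName", "Kaspersky Lab"),)),
}
BOT_SIDE_CERT = {
    "subject": ((("commonName", "xdr33"),),),
    "issuer": ((("commonName", "hive-ca"),),),  # constructed placeholder issuer
}
BENIGN_CERT = {
    "subject": ((("commonName", "app.example.com"),),),
    "issuer": ((("organizationName", "Example Root CA"),), (("commonName", "Example Root CA"),)),
}
```

In practice the dicts would come from a TLS probe or a passive capture of certificates seen on the F5 appliances' outbound connections, and any hit would be correlated with the host's process and network telemetry.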


Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.