One of the payloads pushed to about a dozen organizations is what Kaspersky called a “reduced backdoor.” It can execute commands, download files, and run payloads in memory, which makes the infection difficult to detect.
Kaspersky said it had spotted a sophisticated backdoor called QUIC RAT, which was installed on one of the machines belonging to an educational group located in Russia. Initial analysis found that it can inject payloads into the notepad.exe and conhost.exe processes and supports various C2 communication methods, including HTTP, UDP, TCP, WSS, QUIC, DNS, and HTTP/3.
The 100 infected organizations were mainly located in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China. Kaspersky’s visibility into the attack is limited because it relies only on telemetry from its own products.
Kaspersky researchers wrote:
The analysis shows that 10% of the affected systems are businesses and organizations. The attackers tried to destroy many of the affected machines and collect data. However, some previous payments, which are more serious, have been observed in a dozen government, scientific, manufacturing and commercial organizations located in Russia, Belarus and Thailand. This method of providing a backdoor to infected sub-machines shows that the attacker intended to introduce the infection in a targeted manner. However, their purpose – whether it is cyberespionage or ‘big game hunting’ – is unclear.
Recent supply chain attacks have hit Trivy, Checkmarx, Bitwarden, and more than 150 open-source packages. Last year, there were at least six known attacks of this kind.
Anyone who uses Daemon Tools should take the time to scan their entire system using a reputable antivirus program. Windows users should also check the recommendations listed on Kaspersky’s website. For enterprise users, Kaspersky recommends monitoring for suspicious activity involving legitimate system processes, especially when its source can be traced to user-writable locations such as Temp, AppData, or Public.
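To make the two indicators in the article concrete, the following Python script is an added example (not Kaspersky's tooling and not part of the original report). It runs simple detection logic over constructed process-creation and network-connection records: it flags binaries launched from, or by a parent living in, Temp, AppData or Users\Public, and it flags network connections made by notepad.exe or conhost.exe, the two processes the report names as injection hosts. The record format, paths, PIDs and IP addresses are all constructed for this example and are not indicators from the report.

```python
"""
Triage of constructed endpoint telemetry for two behaviours described in the
article: executables running from (or spawned by something in) user-writable
directories, and network activity from notepad.exe / conhost.exe.
Everything below (format, paths, PIDs, addresses) is constructed sample data.
"""
import re

# Constructed sample events, one per line, pipe-separated:
#   type|pid|image|parent_image|detail   (detail = "ip:port proto" for NET)
SAMPLE_EVENTS = """\
PROC|4120|C:\\Windows\\System32\\notepad.exe|C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe|
NET|4120|C:\\Windows\\System32\\notepad.exe||203.0.113.10:443 udp
PROC|4133|C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe|C:\\Users\\alice\\Downloads\\setup.exe|
PROC|4150|C:\\Users\\Public\\svc.exe|C:\\Windows\\explorer.exe|
PROC|4160|C:\\Windows\\System32\\conhost.exe|C:\\Windows\\System32\\cmd.exe|
NET|4160|C:\\Windows\\System32\\conhost.exe||198.51.100.7:8443 tcp
PROC|4170|C:\\Program Files\\Mozilla Firefox\\firefox.exe|C:\\Windows\\explorer.exe|
NET|4170|C:\\Program Files\\Mozilla Firefox\\firefox.exe||93.184.216.34:443 tcp
"""

# Directories the article names as user-writable staging locations.
USER_WRITABLE = re.compile(r"\\(Temp|AppData|Users\\Public)\\", re.IGNORECASE)
# Processes the report says QUIC RAT injects into; neither normally talks to the network.
INJECTION_HOSTS = {"notepad.exe", "conhost.exe"}


def parse_events(text):
    """Parse the pipe-separated records into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, pid, image, parent, detail = line.split("|", 4)
        events.append({"type": kind, "pid": int(pid), "image": image,
                       "parent": parent, "detail": detail})
    return events


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_user_writable_launches(events):
    """(pid, image, reason) for processes whose image or parent lives in Temp/AppData/Public."""
    hits = []
    for e in events:
        if e["type"] != "PROC":
            continue
        if USER_WRITABLE.search(e["image"]):
            hits.append((e["pid"], e["image"], "image in user-writable directory"))
        elif USER_WRITABLE.search(e["parent"]):
            hits.append((e["pid"], e["image"], "parent in user-writable directory"))
    return hits


def find_injection_host_network(events):
    """(pid, process name, remote endpoint) for notepad/conhost network connections."""
    return [(e["pid"], basename(e["image"]), e["detail"])
            for e in events
            if e["type"] == "NET" and basename(e["image"]) in INJECTION_HOSTS]


def high_confidence(events):
    """PIDs that trip both rules: an injection host with a suspicious origin AND network activity."""
    origin = {pid for pid, _, _ in find_user_writable_launches(events)}
    network = {pid for pid, _, _ in find_injection_host_network(events)}
    return origin & network


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for pid, image, reason in find_user_writable_launches(evs):
        print(f"[origin]  pid={pid} {image}: {reason}")
    for pid, name, endpoint in find_injection_host_network(evs):
        print(f"[network] pid={pid} {name} -> {endpoint}")
    print("high confidence:", sorted(high_confidence(evs)))
```

On the constructed data, the script flags PID 4133 (updater.exe in Temp) and PID 4150 (svc.exe in Users\Public) on origin alone, PID 4160 (conhost.exe) on network activity alone, and PID 4120 (notepad.exe spawned from Temp and then talking to 203.0.113.10 over UDP) on both, which is the combination worth escalating first. Real Sysmon or EDR telemetry carries the same fields under different names, so only parse_events needs adapting.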