Cyber espionage: new Sponsor backdoor hits various industries
New cyber threat: Charming Kitten affects at least 34 companies
An Iran-linked cyber spy group known as Charming Kitten has infected 34 victims in Brazil, Israel and the United Arab Emirates with a new backdoor called Sponsor. This malware exploits vulnerabilities in Microsoft Exchange servers. Experts recommend applying security patches and staying vigilant for threats.
An Iran-linked cyber spy group called Charming Kitten has infected at least 34 victims in Brazil, Israel and the United Arab Emirates with a new backdoor.
Activities of cyber spies linked to Iran
Charming Kitten, also known as APT42, Ballistic Bobcat, Mint Sandstorm and NewsBeef, has been active for over a decade and is alleged to be acting on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC). The group targeted activists, government organizations and journalists.
The new Sponsor backdoor
The cyber spy group recently used a new backdoor called Sponsor. This malware has primarily been employed against organizations across various industries, including automotive, engineering, financial services, healthcare, manufacturing, media, technology, and telecommunications. Sponsor exploits known vulnerabilities in Microsoft Exchange servers to gain initial access.
The scanning and exploitation operation
While many of the identified targets have no obvious intelligence value, it appears that the attacks are not targeted, but rather a scan and exploit operation. In fact, out of 34 identified victims, 16 were also compromised by other threat actors. Sponsor is written in C++ and runs as a persistent service that communicates with control servers to receive commands. The cyber spy group continues to use a diverse set of open source tools, complemented by some custom applications, including the Sponsor backdoor. Experts recommend securing devices exposed to the Internet through patching and remaining vigilant for any new suspicious applications within your organizations.
Follow us on Instagram for more pills like this09/12/2023 14:02
Editorial AI