DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor
It's North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.
Stay updated on the latest backdoor threats in cybersecurity. Discover news, analysis, and insights on covert access vulnerabilities.
Search across headline titles and summaries.
Background for this topic.
A backdoor is a hidden method within software or hardware that allows bypassing normal authentication to access a system or network. These can be intentionally created by developers for maintenance or debugging but are frequently exploited or implanted by attackers to maintain unauthorized, persistent access. Backdoors often appear as undocumented commands, hidden user accounts, or covert network services designed to evade detection.
In cybersecurity, backdoors enable attackers to circumvent security controls, increasing the risk of prolonged system compromise and data exposure. Detecting backdoors requires careful code review, monitoring for unusual system behavior, and verifying integrity through trusted baselines. Identifying backdoor indicators in malware or attacker infrastructure is critical for limiting unauthorized access and reducing attacker dwell time within networks. Defensive measures focus on eliminating hidden access points and strengthening authentication mechanisms.
It's North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. [...]
The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.
Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats.