Sidewalk Malware Tied to China-Linked Espionage Group

Published: 23/11/2024   Category: security




The Sidewalk backdoor has been connected to the Grayfly espionage group and seen in attacks in Asia and North America.



Security researchers have linked the recently discovered Sidewalk malware to Grayfly, an espionage group connected to China. The backdoor has been used in recent Grayfly attacks targeting organizations in Taiwan, Vietnam, the United States, and Mexico.
The Sidewalk malware was recently documented by ESET researchers, who attributed it to a group they call SparklingGoblin. Symantec's Threat Hunter Team has now connected the malware to Grayfly, also known as GREF and Wicked Panda, a Chinese espionage group that had several members indicted in the US last year. While it's sometimes labeled APT41, Symantec considers Grayfly the espionage branch of APT41.
"The recent campaign involving Sidewalk suggests that Grayfly has been undeterred by the publicity surrounding the indictments," researchers wrote in a blog post on their findings.
Grayfly has been seen targeting several countries in Asia, Europe, and North America, affecting organizations in a range of industries, including food, financial, healthcare, hospitality, manufacturing, and telecommunications. Its more recent activity has continued a focus on telecom with additional victims in the media, finance, and IT service provider industries.
This group usually targets public-facing Web servers to install Web shells for its initial foothold before spreading further within a target network. Once inside, Grayfly may install custom backdoors onto additional systems so it can maintain remote access.
In its recent campaign, the group seemed interested in targeting exposed Microsoft Exchange or MySQL servers, suggesting its initial attack vector may include exploiting multiple flaws on public-facing servers. In at least one attack, the Exchange activity was followed by PowerShell commands used to install an unidentified Web shell before executing the backdoor.
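The chain described above (a compromised Exchange server running PowerShell, then a Web shell appearing under the web root) is something defenders can hunt for in endpoint telemetry. The following is an added illustration, not code from the article or from Symantec; the event records, host names, paths and time window are constructed assumptions.

```python
"""Detection sketch: an IIS/Exchange worker process (w3wp.exe) spawning
PowerShell, followed within a short window by a new .aspx file under the
IIS web root on the same host (a likely dropped Web shell)."""
from datetime import datetime, timedelta

# Constructed sample telemetry (assumption, not from the article): process-
# creation and file-creation events in the shape an EDR might export.
EVENTS = [
    {"ts": "2021-09-01T10:00:00", "type": "process", "host": "exch01",
     "parent": "w3wp.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command <constructed placeholder>"},
    {"ts": "2021-09-01T10:00:20", "type": "file", "host": "exch01",
     "path": r"C:\inetpub\wwwroot\aspnet_client\x.aspx"},
    # Benign-looking control case: an interactive user launching PowerShell.
    {"ts": "2021-09-01T11:00:00", "type": "process", "host": "web02",
     "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile"},
    {"ts": "2021-09-01T11:00:30", "type": "file", "host": "web02",
     "path": r"C:\inetpub\wwwroot\x.aspx"},
]

WEB_WORKERS = {"w3wp.exe"}                      # IIS worker process
SHELL_IMAGES = {"powershell.exe", "cmd.exe"}
WEB_ROOTS = ("c:\\inetpub\\",                   # assumed web-root prefixes
             "c:\\program files\\microsoft\\exchange server\\")
SHELL_EXTS = (".aspx", ".ashx", ".asmx")
WINDOW = timedelta(minutes=5)


def find_webshell_drops(events, window=WINDOW):
    """Return (host, spawn_ts, file_path) for every web-worker -> shell
    spawn that is followed by a script file landing under a web root."""
    hits = []
    spawns = [e for e in events if e["type"] == "process"
              and e["parent"].lower() in WEB_WORKERS
              and e["image"].lower() in SHELL_IMAGES]
    for s in spawns:
        t0 = datetime.fromisoformat(s["ts"])
        for f in events:
            if f["type"] != "file" or f["host"] != s["host"]:
                continue
            p = f["path"].lower()
            if not (p.startswith(WEB_ROOTS) and p.endswith(SHELL_EXTS)):
                continue
            delta = datetime.fromisoformat(f["ts"]) - t0
            if timedelta(0) <= delta <= window:   # file after spawn, in window
                hits.append((s["host"], s["ts"], f["path"]))
    return hits


if __name__ == "__main__":
    for host, ts, path in find_webshell_drops(EVENTS):
        print(f"{host} {ts} suspicious web-root write: {path}")
```

The file write on web02 is deliberately not flagged: with no web-worker parent, it needs other context before it is worth an alert.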
Read the full blog post for more details.
