StealthFalcon backdoor using Windows BITS to hide action | SC Media


The cyberespionage group Stealth Falcon is using a previously unreported binary backdoor that communicates with its command-and-control server through the Windows Background Intelligent Transfer Service (BITS).


The finding comes from ESET researchers, who named the backdoor Win32/StealthFalcon. The security firm believes it shares many similarities with a PowerShell script with backdoor capabilities that has previously been attributed to the Stealth Falcon group.


So far, the malware, which was likely first created in 2015, has been used against targets in the UAE, Saudi Arabia, Thailand, and the Netherlands. The Netherlands incident involved the diplomatic mission of a Middle Eastern nation in that country. This modus operandi matches that of earlier Stealth Falcon operations aimed at Middle Eastern targets, ESET wrote.


ESET called the use of Windows BITS for command-and-control “unusual,” but noted that because BITS normally carries trusted traffic such as software updates and messaging clients, it is likely to be allowed through most firewalls, and its routine presence on a host makes the backdoor's communication look less threatening than a custom network channel would.
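Because BITS traffic blends in at the network perimeter, the practical place to look for abuse is on the host itself. The following PowerShell is an added example written for this page, not code from ESET or SC Media and not a description of how Win32/StealthFalcon is detected. It enumerates the BITS jobs of every user and flags the properties a defender would want to review: remote hosts outside an allowlist, upload jobs, files dropped into user-writable directories, and a notify command line (a program BITS runs when a job finishes). It then queries the BITS client event log for transfers that have already completed and no longer appear in the job list. It assumes an elevated session on Windows, and the hostnames in $TrustedHosts are a placeholder allowlist you would replace with your own.

```powershell
# Added example, not part of the original article or of ESET's research.
# Assumes: elevated PowerShell on Windows (Get-BitsTransfer -AllUsers needs admin);
# $TrustedHosts is a hypothetical allowlist of hosts your updaters legitimately use.
#Requires -RunAsAdministrator
Import-Module BitsTransfer

$TrustedHosts = @('*.windowsupdate.com', '*.microsoft.com', 'update.example.com')

function Test-TrustedHost {
    # Returns $true when the URL's host matches one of the allowlist patterns.
    param([string]$Url)
    try { $hostName = ([System.Uri]$Url).Host } catch { return $false }
    foreach ($pattern in $TrustedHosts) {
        if ($hostName -like $pattern) { return $true }
    }
    return $false
}

function Get-SuspiciousBitsJob {
    # Walks every user's BITS jobs and emits one record per job that trips a check.
    foreach ($job in Get-BitsTransfer -AllUsers) {
        $reasons = @()
        foreach ($file in $job.FileList) {
            if (-not (Test-TrustedHost $file.RemoteName)) {
                $reasons += "untrusted remote: $($file.RemoteName)"
            }
            # Legitimate updaters rarely stage into these user-writable locations.
            if ($file.LocalName -match '\\(Temp|AppData|ProgramData|Public)\\') {
                $reasons += "writable drop path: $($file.LocalName)"
            }
        }
        # A command line BITS executes on completion is an execution/persistence vector.
        if ($job.NotifyCmdLine) { $reasons += "notify command line: $($job.NotifyCmdLine)" }
        # Uploads are unusual for updaters and are how data would leave the host.
        if ($job.TransferType -ne 'Download') { $reasons += "transfer type: $($job.TransferType)" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                Created     = $job.CreationTime
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

function Get-UntrustedBitsTransferEvent {
    # Completed jobs vanish from Get-BitsTransfer; the BITS client log keeps them.
    # Event 59 records a job starting a transfer, 60 a job stopping; both carry the URL.
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Bits-Client/Operational'
        Id        = 59, 60
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $url = $_.Properties | ForEach-Object Value |
               Where-Object { $_ -is [string] -and $_ -match '^https?://' } |
               Select-Object -First 1
        if ($url -and -not (Test-TrustedHost $url)) {
            [pscustomobject]@{ Time = $_.TimeCreated; EventId = $_.Id; Url = $url }
        }
    }
}

# Usage: review live jobs first, then the last three days of transfer history.
Get-SuspiciousBitsJob | Format-Table -AutoSize
Get-UntrustedBitsTransferEvent -Hours 72 | Format-Table -AutoSize
```

The allowlist is deliberately a host-level decision: the article's point is that the firewall will not make it for you, because the traffic is indistinguishable from an updater's at the network layer. Expect noise from third-party updaters on first run and fold their hosts into $TrustedHosts rather than widening the patterns.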


“Compared with traditional communication via API functions, the BITS mechanism is exposed through a COM interface and thus h ..
