
New Moriya Rootkit Used In The Wild To Backdoor Windows Systems

An unknown threat actor used a new stealthy rootkit to backdoor targeted Windows systems in what looks like an ongoing espionage campaign, dubbed TunnelSnake, going back to at least 2018.

Rootkits are malicious tools designed to evade detection by burying themselves deep in the operating system; attackers use them to fully take over infected systems while avoiding detection.

The previously unknown malware, dubbed Moriya by Kaspersky researchers who discovered it in the wild, is a passive backdoor that enables attackers to covertly spy on their victims’ network traffic and send commands to compromised hosts.

Unusually Evasive Espionage Backdoor

Moriya allowed TunnelSnake operators to capture and analyze incoming network traffic “from the Windows kernel’s address space, a memory region where the operating system’s kernel resides and where typically only privileged and trusted code runs.”

The backdoor received its commands in the form of custom-crafted packets hidden within the victims’ network traffic, without needing to reach out to a command-and-control server. This further added to the operation’s stealth and shows the threat actor’s focus on evading detection.

“We see more and more covert campaigns such as TunnelSnake, where actors take additional steps to remain under the radar for as long as possible, and invest in their toolsets, making them more tailored, complex and harder to detect,” Mark Lechtik, a senior security researcher at Kaspersky’s Global Research and Analysis Team, said.

According to Kaspersky’s telemetry, the malware was deployed on the networks of fewer than 10 entities in highly targeted attacks.

The threat actor used backdoored systems belonging to Asian and African diplomatic entities and other high-profile organizations to gain control of their networks and maintain persistence for months without being detected.

The attackers also deployed additional tools during the post-exploitation stage on the compromised systems, including China Chopper, BOUNCER, Termite, and Earthworm, which are custom-made and were previously used by Chinese-speaking actors.

This enabled them to move laterally on the network after scanning for and finding new vulnerable hosts on the victims’ networks.

All Evidence Points To Chinese-Speaking Threat Actors

Although Kaspersky researchers weren’t able to attribute the campaign to a specific threat actor, the tactics, techniques and procedures (TTPs) used in the attacks and the entities targeted suggest that the attackers are likely Chinese-speaking.

“We also found an older version of Moriya used in a stand-alone attack in 2018, which points to the actor being active since at least 2018,” Giampaolo Dedola, a senior security researcher at Kaspersky’s Global Research and Analysis Team, added.

“The targets’ profile and leveraged toolset suggest that the actor’s purpose in this campaign is espionage, though we can only partially attest to this with lack of visibility into any actual siphoned data.”

Further technical details on the Moriya rootkit and indicators of compromise associated with the TunnelSnake campaign can be found in Kaspersky’s report.

In October, Kaspersky also found the second-ever UEFI rootkit used in the wild (known as MosaicRegressor) while investigating attacks from 2019 against two non-governmental organizations (NGOs).

The previous UEFI bootkit seen in the wild, known as LoJax, was discovered by ESET in 2018; the Russian-backed APT28 hacking group had injected it into the legitimate LoJack anti-theft software.
