Researchers hijack thousands of backdoors thanks to expired domains
Date:
Thu, 09 Jan 2025 12:14:00 +0000
Description:
Expired domains allowed watchTowr to access and sinkhole thousands of web backdoors.
FULL STORY ======================================================================
Researchers found thousands of forgotten, but active, web backdoors. They gained
access by purchasing expired domains. All of the backdoors are being sinkholed.
Experts recently uncovered more than 4,000 web backdoors which their
operators seem to have forgotten, but which they managed to seize and
sinkhole, effectively preventing them from being abused by other threat actors in the future.
Two researchers from watchTowr, CEO Benjamin Harris and researcher Aliz Hammond, said they discovered thousands of expired domains that were used to command the web backdoors.
watchTowr's researchers set up a logging system, which showed that the malware was still active despite no longer being used by its operators. It was sending requests that helped the researchers identify some of the victims. They also identified a few of the backdoors used, including the r57shell, c99shell, and one called China Chopper.
China under assault
Some of the backdoors were deployed on web servers belonging to government agencies, universities, and other similar high-profile targets. Victims were located all over the world, including China, Thailand, and South Korea. In fact, a number of Chinese government systems and courts were said to have
been compromised, as well as systems in Nigeria and Bangladesh.
The backdoors appear to be a mix of legitimate APT-level tools and other,
less sophisticated implementations, leading the researchers to speculate that multiple threat actors, of different skill levels, were involved. The source IPs also pointed to heavy usage by attackers from regions like Hong Kong and China, though these could also be proxies and not definitive evidence of attribution.
The researchers also suggested at least some of the backdoors were originally associated with the dreaded Lazarus Group, but stressed that in this case, they were likely repurposed by other attackers. Lazarus is one of the most dangerous North Korean state-sponsored threat actors, actively engaged in industrial espionage, identity theft, wire fraud, and more.
At press time, the number of discovered web backdoors was 4,000, with the researchers adding that this was not definitive and that the actual number of compromised systems was likely much larger.
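As an added illustration of the logging step described above (this is not watchTowr's code), the following Python example triages constructed sinkhole access-log lines: it parses each request, skips browser noise, and groups beaconing source hosts by the backdoor family implied by the requested path. The path keywords are constructed heuristics for illustration, not the researchers' real fingerprints.

```python
import re
from collections import defaultdict

# Assumed log shape: one Combined Log Format line per inbound request to the sinkhole,
# as a typical web server would record it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Family names come from the article; the path keywords are constructed heuristics.
PATH_HINTS = {"r57shell": ("r57",), "c99shell": ("c99",)}

# Requests any crawler or browser makes to a freshly registered domain; not beacons.
NOISE_PATHS = {"/favicon.ico", "/robots.txt"}

# Constructed sample of what a sinkholed domain's access log might contain.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Jan/2025:10:01:02 +0000] "GET /r57shell/include.txt HTTP/1.1" 200 5120 "-" "PHP/5.6"
203.0.113.10 - - [08/Jan/2025:10:05:44 +0000] "GET /r57shell/include.txt HTTP/1.1" 200 5120 "-" "PHP/5.6"
198.51.100.7 - - [08/Jan/2025:11:12:09 +0000] "GET /c99/update.php HTTP/1.1" 200 8192 "http://198.51.100.7/up.php" "Mozilla/4.0"
192.0.2.33 - - [08/Jan/2025:12:00:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
not a log line
"""

def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(path):
    """Map a requested path to a backdoor family name, or 'unknown'."""
    lowered = path.lower()
    for family, needles in PATH_HINTS.items():
        if any(n in lowered for n in needles):
            return family
    return "unknown"

def triage(log_text):
    """Group beaconing hosts by family: {family: {source_ip: request_count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["path"] in NOISE_PATHS:
            continue  # skip unparseable lines and crawler/browser noise
        hits[classify(rec["path"])][rec["ip"]] += 1
    return {fam: dict(ips) for fam, ips in hits.items()}

if __name__ == "__main__":
    for fam, ips in triage(SAMPLE_LOG).items():
        print(fam, ips)
```

Each source IP in the output is a host that is still fetching code from a domain its operator abandoned, which is the victim list the researchers describe building.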
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/researchers-hijack-thousands-of-backdoors-thanks-to-expired-domains
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)