Subj : Salt Typhoon targets telcos again with backdoor GhostSpider malwa To : All From : TechnologyDaily Date : Tue Nov 26 2024 16:15:05 Salt Typhoon targets telcos again with backdoor GhostSpider malware Date: Tue, 26 Nov 2024 16:03:00 +0000 Description: GhostSpider remains in memory and can steal sensitive data, experts warn. FULL STORY ======================================================================Trend Micro discovers brand new backdoor called GhostSpider It can exfiltrate sensitive data and tamper with the OS It was used by a Chinese state-sponsored threat actor known as Salt Typhoon Infamous Chinese state-sponsored threat actor Salt Typhoon has been seen using a brand new backdoor malware to target telecommunication service providers. A report from cybersecurity professionals Trend Micro analyzed the backdoor, called GhostSpider, noting it is used in long-term cyber-espionage operations, with its key stealth mechanisms include remaining exclusively in memory, and encrypting its communication with the C2 server. GhostSpider is capable of a number of things, including uploading malicious modules into memory, activating the module by initializing necessary resources, executing the primary loader function (data exfiltration, or system tampering), and closing the module to free memory and remain out of sight. Finally, it can adjust its behavior to avoid getting detected, while maintaining periodic communication with the C2 server. Abusing endpoint flaws The Washington Post noted US authorities recently notified 150 victims, most of which were in the D.C. area, that Salt Typhoon was eavesdropping on their communications. In its report, Trend Micro added besides telecommunications, the Chinese target government entities, technology, consulting, chemicals, and transportation sectors in the U.S., Asia-Pacific, Middle East, South Africa, and other regions. To breach the systems, Salt Typhoon would exploit a number of flaws in different endpoints, including bugs in Ivants Connect Secure VPN, Fortinets FortiClient EMS, Sophos Firewall, and others. While GhostSpider took all the limelight, Salt Typhoon was also spotted using other, never-seen-before variants, including a Linux backdoor called Masol RAT, a rootkit called Demodex, and a backdoor named SnappyBee. Known as one of the more dangerous threat actors, Salt Typhoon mostly focuses on data exfiltration and surveillance, often aimed at government agencies, political figures, and key industries in the U.S. and allied nations. Some of its notable victims include major U.S. telecommunications providers such as T-Mobile, AT&T, Verizon, and Lumen Technologies. Via BleepingComputer You might also like T-Mobile confirms its network was hit by Chinese hackers Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/salt-typhoon-targets-telcos-again-with- backdoor-ghostspider-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .