Windows version of SprySOCKS Linux malware used to attack govt orgs

Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries.

BleepingComputer
China-Linked FishMonger Ports SprySOCKS to Windows With Kernel-Level Stealth and UEFI Bootkit Hints - Security Affairs

China-linked FishMonger used two SprySOCKS Windows variants that leveraged kernel drivers and the Print Spooler to target governments.

Security Affairs
SprySOCKS backdoor expands from Linux to Windows with kernel-level stealth - RedPacket Security

The SprySOCKS backdoor used by a China-aligned espionage group has expanded from Linux to Windows, gaining a kernel-level stealth layer that hides it from the

RedPacket Security

📰 China-Linked SprySOCKS Backdoor Adds Windows Variants with Kernel-Level Stealth

🇨🇳 China-linked 'FishMonger' group upgrades SprySOCKS backdoor for Windows. New variant uses a kernel driver for advanced stealth, hiding files, processes, and network activity. 🕵️‍♂️ #SprySOCKS #FishMonger #Winnti #CyberEspionage #Malware

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/china-linked-sprysocks-backdoor-evolves-with-new-windows-variants/?utm_source=mast…

China-Linked Backdoor Expands to Windows with Kernel Stealth

A China-linked espionage group has unleashed a stealthy backdoor that infiltrates Windows systems, targeting government bodies in Honduras, Taiwan, Thailand, and Pakistan. The malware, known as SprySOCKS, boasts advanced espionage features and kernel-level stealth, making it a formidable threat.

https://osintsights.com/china-linked-backdoor-expands-to-windows-with-kernel-stealth?utm_source=mastodon&utm_medium=social

#ChinalinkedBackdoor #Sprysocks #Fishmonger #KernelStealth #WindowsMalware

China-Linked Backdoor Expands to Windows with Kernel Stealth

Discover how China-linked backdoor SprySOCKS expands to Windows with kernel stealth, targeting gov bodies. Learn more about WIN_DRV and WIN_PLUS variants now.

OSINTSights
#ESETresearch discovered two as-yet undocumented Windows variants of #SprySOCKS, a previously Linux-only backdoor reportedly used by #FishMonger. We attribute the new Windows variants to #FishMonger with high confidence. https://www.welivesecurity.com/en/eset-research/fishmongers-arsenal-upgraded-sprysocks-windows/
Both newly discovered Windows variants, named WIN_PLUS and WIN_DRV by their authors, support communication over TCP, UDP, and WebSocket protocols, while WIN_DRV weaponizes a kernel driver for enhanced stealth.
The WIN_DRV variant creates a stealthy passive TCP backdoor and uses a kernel driver to redirect traffic to the backdoor’s hidden TCP port whenever specially crafted data is detected inside a received TCP packet.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/sprysocks
Read the full analysis on WeLiveSecurity: https://www.welivesecurity.com/en/eset-research/fishmongers-arsenal-upgraded-sprysocks-windows/

Earth Lusca Expands Arsenal with Windows SprySOCKS Malware

Chinese threat actor Earth Lusca has upgraded its malware arsenal with Windows SprySOCKS, a sneaky tool that lets hackers secretly send commands to compromised devices, allowing them to fly under the radar. This latest move has been linked to a string of high-profile attacks on government organizations worldwide.

https://osintsights.com/earth-lusca-expands-arsenal-with-windows-sprysocks-malware?utm_source=mastodon&utm_medium=social

#EarthLusca #WindowsSprysocksMalware #Sprysocks #China #Government

Earth Lusca Expands Arsenal with Windows SprySOCKS Malware

Learn how Earth Lusca uses Windows SprySOCKS malware to divert TCP traffic and issue commands. Discover the threat actor's tactics and protect your organization now from cyber attacks.

OSINTSights
Chinese hackers have unleashed a never-before-seen Linux backdoor

SprySOCKS borrows from open source Windows malware and adds new tricks.

Ars Technica
#Chinese hackers have unleashed a never-before-seen #Linux #backdoor
#SprySOCKS borrows from open source Windows #malware and adds new tricks. https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
The China-linked #threat actor known as Earth Lusca has been observed targeting #government entities using a never-before-seen #Linux #backdoor called #SprySOCKS.

https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.

The Hacker News