Tech Komando

Your Best Source For Technology News

May 3, 2022

Botnet that hid for 18 months boasted some of the coolest tradecraft ever

It’s not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks.

The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

A tunneling fetish with SOCKS

In a post, Mandiant researchers Doug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, and Chris Gardner wrote:
