Fortinet, Ivanti zero-day victims face evolved persistence by the espionage actor
- by nlqip
“REPTILE appeared to be the rootkit of choice by UNC3886 as it was observed being deployed immediately after gaining access to compromised endpoints,” Mandiant added. “REPTILE is an open-source Linux rootkit, implemented as a loadable kernel module (LKM), that provides backdoor access to a system.”
MEDUSA, too, is an open-source rootkit, capable of logging user credentials from successful local or remote authentications as well as executed commands. “These capabilities are advantageous to UNC3886 as their modus operandi to move laterally using valid credentials,” Mandiant added.
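An LKM rootkit such as the one described above typically stays resident by unlinking itself from the kernel's module list, so it disappears from /proc/modules (and therefore from `lsmod`) while traces often remain under /sys/module and in the kernel taint flags. The following consistency check is an added example written for this article; it is not Mandiant's tooling nor part of the REPTILE or MEDUSA projects, and all module names and /proc/modules content in it are constructed sample data.

```python
"""Cross-check two kernel views of loaded modules to surface LKMs hidden from one.

Added defender-side example, not code from the article or from Mandiant.
Assumptions: Linux sysfs exposes an `initstate` file only for loadable
modules (built-in code has a /sys/module entry without it), and
/proc/sys/kernel/tainted sets bit 12 for an out-of-tree module and bit 13
for an unsigned module.
"""
import os

# Kernel taint bits relevant to module hunting (TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE).
TAINT_OOT_MODULE = 1 << 12
TAINT_UNSIGNED_MODULE = 1 << 13

# Constructed sample data, not output captured from any real host.
SAMPLE_PROC_MODULES = (
    "examplemod 16384 0 - Live 0xffffffffc0a00000\n"
    "xfs 1798144 2 - Live 0xffffffffc0100000\n"
)
SAMPLE_SYSFS_LOADABLE = {"examplemod", "xfs", "hiddenmod"}  # 'hiddenmod' is hypothetical


def parse_proc_modules(text):
    """Return the set of module names listed in /proc/modules content (first column)."""
    names = set()
    for line in text.splitlines():
        parts = line.split()
        if parts:
            names.add(parts[0])
    return names


def find_unlisted_modules(proc_names, sysfs_loadable_names):
    """Modules that have a loadable-module entry in sysfs but are absent from /proc/modules.

    A module unlinked from the kernel's module list still leaves its sysfs
    directory behind, which is what this difference exposes.
    """
    return set(sysfs_loadable_names) - set(proc_names)


def decode_module_taint(tainted):
    """Translate the taint bitmask into the module-related flags a reviewer cares about."""
    flags = []
    if tainted & TAINT_OOT_MODULE:
        flags.append("out-of-tree module loaded")
    if tainted & TAINT_UNSIGNED_MODULE:
        flags.append("unsigned module loaded")
    return flags


def sysfs_loadable_modules(sys_module_dir="/sys/module"):
    """Collect names under /sys/module that carry an initstate file (loadable modules only)."""
    names = set()
    try:
        entries = os.listdir(sys_module_dir)
    except OSError:
        return names
    for name in entries:
        if os.path.exists(os.path.join(sys_module_dir, name, "initstate")):
            names.add(name)
    return names


def audit_live_system():
    """Run the check against the running kernel; returns None when not on Linux."""
    try:
        with open("/proc/modules") as fh:
            proc_text = fh.read()
        with open("/proc/sys/kernel/tainted") as fh:
            tainted = int(fh.read().strip() or "0")
    except OSError:
        return None
    return {
        "unlisted_modules": sorted(find_unlisted_modules(parse_proc_modules(proc_text),
                                                         sysfs_loadable_modules())),
        "taint_flags": decode_module_taint(tainted),
    }


if __name__ == "__main__":
    # Demonstrate on the constructed sample, then on the live host if available.
    sample = find_unlisted_modules(parse_proc_modules(SAMPLE_PROC_MODULES), SAMPLE_SYSFS_LOADABLE)
    print("sample: modules missing from /proc/modules:", sorted(sample))
    print("sample: taint flags:", decode_module_taint(TAINT_OOT_MODULE | TAINT_UNSIGNED_MODULE))
    print("live host:", audit_live_system())
```

This is a cheap first-pass check, not proof of a clean system: a rootkit that also removes its sysfs entry and hooks the taint reporting will pass it, so treat an empty result as "nothing obvious" and a non-empty one as a reason to image the host and compare against a known-good kernel from outside the running system.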
Using a trusted third party as C2
The threat actor was seen using malware such as MOPSLED and RIFLESPINE, which abuse trusted third-party services including GitHub and Google Drive as command-and-control (C2) channels, while relying on rootkits to maintain persistence.