howsite.blogg.se

Software categories in east

Timeline

According to ESET telemetry, in March 2021 the attackers deployed malware to several machines of the software developer company. The customer portfolio of the DLP company includes government and military entities, making the compromised company an especially attractive target for an APT group such as Tick. Using ESET telemetry, we didn’t detect any other cases of malicious updates outside the DLP company’s network.

The attackers also compromised update servers, which delivered malicious updates on two occasions to machines inside the network of the DLP company.

This led to the execution of malicious code in networks of two of the compromised company’s customers when the trojanized installers were transferred via remote support software – our hypothesis is that this occurred while the DLP company provided technical support to their customers. The attackers deployed persistent malware and replaced installers of a legitimate application known as Q-Dir with trojanized copies that, when executed, dropped an open-source VBScript backdoor named ReVBShell, as well as a copy of the legitimate Q-Dir application. In March 2021, through unknown means, attackers gained access to the network of an East Asian software developer company.

While still a zero-day, the group used the exploit to install a webshell to deploy a backdoor on a webserver. Our latest report into Tick’s activity found it exploiting the ProxyLogon vulnerability to compromise a South Korean IT company, as one of the groups with access to that remote code execution exploit before the vulnerability was publicly disclosed. Tick employs an exclusive custom malware toolset designed for persistent access to compromised machines, reconnaissance, data exfiltration, and download of tools. This group is of interest for its cyberespionage operations, which focus on stealing classified information and intellectual property.

Tick (also known as BRONZE BUTLER or REDBALDKNIGHT) is an APT group, suspected of being active since at least 2006, targeting mainly countries in the APAC region.

  • The investigation revealed a previously undocumented downloader named ShadowPy.
  • As a result, two of their customers were compromised.
  • The attackers deployed at least three malware families and compromised update servers and tools used by the company.
  • ESET researchers attribute this attack with high confidence to the Tick APT group.
  • ESET researchers uncovered an attack occurring in the network of an East Asian data-loss prevention company with a customer portfolio that includes government and military entities.
  • How the data-loss prevention company was initially compromised is unknown.

During the intrusion, the attackers deployed a previously undocumented downloader named ShadowPy, and they also deployed the Netboy backdoor (aka Invader) and Ghostdown downloader.

Based on Tick’s profile, and the compromised company’s high-value customer portfolio, the objective of the attack was most likely cyberespionage. In this blogpost, we provide technical details about the malware detected in the networks of the compromised company and of its customers. The attackers compromised the DLP company’s internal update servers to deliver malware inside the software developer’s network, and trojanized installers of legitimate tools used by the company, which eventually resulted in the execution of malware on the computers of the company’s customers. The incident took place in the network of an East Asian company that develops data-loss prevention (DLP) software.

    ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group

    ESET researchers discovered a campaign that we attribute with high confidence to the APT group Tick.











