Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)’s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.
“This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33,” Qihoo Netlab 360’s Alex Turing and Hui Wang said in a technical write-up published last week.
xdr33 is said to be propagated by exploiting an unspecified N-day security vulnerability in F5 appliances. It communicates with a command-and-control (C2) server using SSL with forged Kaspersky certificates.
Deixe um comentário