Middle East Governments Hit by Sneaky CR4T Backdoor Hackers.

TLDR:

Key Points:

Government entities in the Middle East targeted by CR4T backdoor campaign
Dropper extracts C2 server address using novel techniques to evade detection

In a recent discovery by Russian cybersecurity company Kaspersky, government entities in the Middle East have been targeted in a sophisticated campaign deploying a new backdoor known as CR4T. The campaign, codenamed DuneQuixote, employs evasion techniques to prevent detection, with a dropper extracting a hidden C2 server address using a novel method involving Spanish poem strings.

The CR4T backdoor, available in both C/C++ and Golang versions, allows attackers to execute commands, upload and download files, and establish persistent communication with the C2 server using unique tactics like COM object hijacking and the Telegram API. This indicates that threat actors behind DuneQuixote are continuously refining their tools and tradecraft to target entities in the Middle East.

The sophistication of the CR4T campaign highlights the need for advanced cybersecurity measures to protect against such stealthy and persistent threats, especially in critical government sectors.

Post Views: 85

Latest from Blog

Financial sector prime target for DDoS attacks, Akamai study finds

TLDR: – Financial services sector remains the top target for DDoS attacks for the second consecutive year – APJ region faces significant cybersecurity challenges with a high threat score for phishing A

Watch out for serverless architecture’s cybersecurity risks for businesses

Serverless Architecture and Cybersecurity Risks TLDR: Move towards serverless architecture presents new security challenges Threat actors are exploring vulnerabilities in serverless environments Today’s cybersecurity landscape is rapidly evolving with the adoption of