Saturday, September 7, 2024
HomeBackdoorAPT15 Hackers Using Steganography Technique to Drop Okrum Backdoor Via PNG...

APT15 Hackers Using Steganography Technique to Drop Okrum Backdoor Via PNG File to Evade Detection

Published on

Researchers discovered a previously unseen malware called Okrum that distributed from APT15 threat group via a hidden PNG file with steganography technique to evade detection.

APT15 threat group also known as Ke3chang has a long history of its malicious activities since 2010, and it was initially reported in 2013 during their campaign activity attack organization in Europe.

Okrum backdoor initially detected in December 2016 that targets various countries such as Slovakia, Belgium, Chile, Guatemala and Brazil and is believed to be operating out of China.

- Advertisement - EHA

Okrum backdoor initially detected in December 2016 that targets various countries such as Slovakia, Belgium, Chile, Guatemala Brazil and is believed to be operating out of China.

The APT group continues to be active in 2019 to attack the same type of target but were using different malicious toolsets to compromise them.

Okrum has a similar modus operandi as previously documented Ke3chang (APT15)malware family with a basic set of backdoor commands.

Okrum Distribution and infection vector By APT15

Threat actors from APT15 hiding the okrum payload within a PNG file and infect the victim’s machine using steganography technique stay unnoticed and evade detection.

Attackers tried to hide malicious traffic with its C&C server within the normal traffic by registering the legitimate domain names.

Okrum backdoor installed and loaded by 2 different components which is frequently changed by malware authors to avoid detection.

According to ESET research, “Okrum is only equipped with basic backdoor commands, such as downloading and uploading files, executing files and shell commands. Most of the malicious activity has to be performed by typing shell commands manually, or by executing other tools and software”

“Researchers believe that the combination of simple backdoor and external tools fully accommodates their needs while being easier to develop, but it may also be an attempt to evade behavioral detection.”

Along with this, researchers discovered some of the external tools such as keylogger, tools for dumping passwords, or enumerating network sessions.

Based on the telemetry data, Threat actors employed various anti-emulation and anti-sandbox technique to avoid detection and it mainly targeting Slovakia, Belgium, Chile, Guatemala, and Brazil, Slovakia.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

Chinese APT’s New Malware MirageFox Launch Cyber Attack on Government & Military Sectors

Hackers using steganography to Drop the Powload Malware & Hide Their Malvertising Traffic

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group

FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is...

Lazarus Hackers Attacking Job-Seekers to Deliver Javascript Malware

The Lazarus Group is one of the most notorious hacker groups linked to the...