APT (Advanced Persistent Threat) actors are evolving at a rapid pace, continually enhancing their toolsets and tactics.
They adapt quickly to security measures, leveraging advanced techniques, such as zero-day exploits, to remain undetected.
Their ability to innovate and collaborate in the underground cybercriminal ecosystem makes tracking and countering APT threats an ongoing challenge for cybersecurity professionals.
Cybersecurity researchers at Symantec’s Threat Hunter Team recently discovered that Budworm APT group has evolved its toolset and is actively targeting the following entities:-
In August 2023, Budworm APT deployed a new variant of its exclusive SysUpdate backdoor (SysUpdate DLL inicore_v2.3.30.dll) in both attacks, which was previously unseen.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Budworm employed custom and publicly available tools in these attacks, primarily focusing on credential harvesting. The group’s activity may have been suspended early in the attack chain.
Budworm employs DLL sideloading through INISafeWebSSO to execute SysUpdate on victim networks, a technique used by the group since 2018 to evade detection.
Besides this, SysUpdate offers several capabilities that we have mentioned below:-
Trend Micro reported about Budworm’s Linux SysUpdate with Windows-like capabilities in March 2023, which has been part of Budworm’s developing toolbox since 2020.
Here below, we have mentioned all the tools that the threat actors use:-
Budworm is a persistent APT group active since 2013 that targets high-value victims across sectors globally. Their activities include a U.S. state legislature breach in October 2022 using DLL sideloading for HyperBro malware.
In Budworm’s recent campaign, the group targeted an Asian government and a Middle Eastern telecom, as they are consistent with their typical intelligence-gathering focus.
Budworm’s use of known techniques and tools, like SysUpdate and DLL sideloading, signals their confidence despite detection risk.
The appearance of a new SysUpdate version in August 2023 indicates ongoing toolset development, suggesting their current activity.
SHA256 file hashes
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…