Thursday, May 8, 2025
HomeBackdoorA New Hacking Group Spreading Sophisticated "Daserf" Backdoor using Steganography

A New Hacking Group Spreading Sophisticated “Daserf” Backdoor using Steganography

Published on

SIEM as a Service

Follow Us on Google News

A new Cyber cyberespionage group called REDBALDKNIGHT Spreading advance Daserf Backdoor against Japanese based government agencies such as biotechnology, electronics manufacturing, and industrial chemistry systems.

This sophisticated backdoor capable of performing some dangerous activities including execute shell commands, download and upload data, take screenshots, and log keystrokes.

Unlike other backdoors, it has some stealthy techniques to evade detection and its use steganography, embedding codes are using to hide the malicious code with a spreading medium such as images.

- Advertisement - Google News

Also Read: Dangerous Cyber Espionage Group Called Sowbug Spotted Conducting High Profile Cyber Attacks

Attackers using some social engineering techniques as well to reach out their malware and indicator are mainly translated into the Japanese Language.

According to Trend Micro Report,The decoy documents they use in their attack chain are written in fluent Japanese, and particularly, created via the Japanese word processor Ichitaro.
“Decoy Documents” are automatically generated and stored on a file system by the D3 System with the aim of enticing a malicious user.The decoy documents contain several different types of bogus credentials that when used, trigger an alert.

This Decoy document sending Across to victims using Spearphishing Emails such as disaster prevention” Plans for the targeted organization.

How Does Daserf Backdoor  Attack Chain Works

Traditional Spearphishing emails are using for the intial entry point of REDBALDKNIGHT’s attacks with attacked  Decoy document that contains Trojan downloader that will help to retrieve the original Daserf backdoor.

Once Victims opened the file, it will communicate with attacked owned compromised site and that will have embedded  Daserf backdoor file.

Daserf Backdoor connected to another compromised site to Download an Image that will be either the encrypted backdoor configurations or hacking tool.

Daserf Backdoor

Execution Flow of Daserf Backdoor

Later Daserf Backdoor connect to its C&C and await for commands form Attacker to initiate the further Malicious activities.

In this case Trojan downloader act as an initial level of Backdoor that is capable of open the shell and also  XXMM, xxmm2_ steganography is used to hide malicious code within an image file.

EDBALDKNIGHT’s tool can create, embed, and hide executables or configuration files within the image file with its tag and encrypted strings via steganography. An encrypted string can be an executable file or a URL.

Daserf Backdoor regularly undergo technical improvements used to evade the traditional antivirus detection also it users the MPRESS packer that helps to protect against AV detection and reverse engineering phase.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Lazarus Hackers Tamper with Software Packages to Gain Backdoor Access to the Victims Device

A recent investigation conducted by STRIKE, a division of SecurityScorecard, has unveiled the intricate...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

QSC: Multi-Plugin Malware Framework Installs Backdoor on Windows

The QSC Loader service DLL named "loader.dll" leverages two distinct methods to obtain the...