Summary: A newly identified malware known as “Squidoor” poses a significant threat to various sectors in Southeast Asia and South America, attributed to a suspected Chinese threat actor. This malware utilizes advanced techniques to infiltrate networks, maintain persistence, and exfiltrate sensitive data, making it a sophisticated tool for cyber espionage. Measures to detect and counteract this malware are crucial, as it employs stealthy communication channels and blends into legitimate network traffic.
Affected: Government, Defense, Telecommunications, Education, Aviation sectors in Southeast Asia and South America
Key points:
- Squidoor uses multi-protocol command-and-control (C2), communicating over channels such as the Outlook API and DNS tunneling.
- The malware gains initial access by exploiting Internet Information Services (IIS) servers and moves laterally while disguising its activity.
- Persistence is maintained through living-off-the-land techniques, such as abusing Microsoft's Console Debugger, and the malware's modular design supports a range of malicious activities while evading detection.
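As an added example (not code from the article or from any Squidoor sample), a defender-side heuristic for the DNS-tunneling channel mentioned above: it aggregates resolver query logs per registered domain and flags domains whose subdomains are long, high-entropy and almost never repeated, which is how encoded C2 data tends to look in DNS. The log format, placeholder domains and thresholds are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, one "<client> <qname> <qtype>" per line;
# only the qname is scored. Domains are placeholders, not indicators.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.7 a9f3k2l8q1z7x4c6v0b2n5m8j1h4g7f0.c2-placeholder.test TXT
10.0.0.7 zq8w1e2r3t4y5u6i7o8p9a0s1d2f3g4h.c2-placeholder.test TXT
10.0.0.7 m3n4b5v6c7x8z9l0k1j2h3g4f5d6s7a8.c2-placeholder.test TXT
10.0.0.7 p0o9i8u7y6t5r4e3w2q1a2s3d4f5g6h7.c2-placeholder.test TXT
"""

def shannon_entropy(text):
    """Bits per character; encoded or encrypted payload chunks score high."""
    if not text:
        return 0.0
    probs = [text.count(ch) / len(text) for ch in set(text)]
    return -sum(p * math.log2(p) for p in probs)

def registered_domain(qname):
    # Naive "last two labels"; production code should use a public-suffix list.
    return ".".join(qname.split(".")[-2:])

def domain_features(log_text):
    """Per registered domain: mean subdomain length, mean entropy, unique-subdomain ratio."""
    raw = defaultdict(lambda: {"n": 0, "subs": set(), "len": 0, "ent": 0.0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines instead of aborting the whole run
        qname = fields[1].rstrip(".")
        base = registered_domain(qname)
        sub = qname[: -len(base) - 1] if len(qname) > len(base) else ""
        d = raw[base]
        d["n"] += 1
        d["subs"].add(sub)
        d["len"] += len(sub)
        d["ent"] += shannon_entropy(sub)
    return {b: {"unique_ratio": len(d["subs"]) / d["n"], "mean_len": d["len"] / d["n"],
                "mean_entropy": d["ent"] / d["n"]} for b, d in raw.items()}

def flag_tunneling(log_text, min_len=20, min_entropy=3.5, min_unique=0.9):
    """Domains whose subdomains look like encoded payload chunks rather than hostnames."""
    return sorted(b for b, f in domain_features(log_text).items()
                  if f["mean_len"] >= min_len and f["mean_entropy"] >= min_entropy
                  and f["unique_ratio"] >= min_unique)
```

`flag_tunneling(SAMPLE_LOG)` returns `['c2-placeholder.test']` on the constructed log; the thresholds are starting points to tune against a baseline of your own resolver traffic, since CDNs and some legitimate services also emit long, varied subdomains.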
Source: https://gbhackers.com/multi-vector-malware-exploiting-outlook-api-dns-icmp/