| Category | Details |
|---|---|
| Threat Actors | CoughingDown; Cluster Alpha (a Chinese state-aligned threat cluster); BackdoorDiplomacy; REF5961; Worok; TA428. |
| Campaign Overview | Targeted ISPs and governmental entities in the Middle East with an updated variant of EAGERBEE malware framework. |
| Target Regions (Or Victims) | Middle East ISPs and governmental entities, East Asia organizations. |
| Methodology | An injector DLL loads the EAGERBEE backdoor into memory; a plugin orchestrator then loads plugins for system enumeration, process and file management, remote access, and data exfiltration. |
| Product Targeted | Governmental and ISP infrastructure, sensitive data related to military and political secrets. |
| Malware Reference | EAGERBEE (aka Thumtais). |
| Tools Used | EAGERBEE backdoor and its Plugin Orchestrator, with plugins including Remote Access Manager, File System Manipulation and Process Exploration. |
| Vulnerabilities Exploited | ProxyLogon (CVE-2021-26855) in Microsoft Exchange, used to deploy web shells in the intrusions where initial access was observed. |
| TTPs | DLL injection; memory-resident (fileless) backdoor; system enumeration; process management; remote connections to attacker infrastructure. |
| Attribution | CoughingDown (suspected); Chinese state-aligned Cluster Alpha and associated groups. |
| Recommendations | Patch Exchange servers against ProxyLogon (CVE-2021-26855); deploy endpoint detection capable of catching in-memory DLL injection; monitor outbound network connections for anomalies. |
| Source | The Hackers News |
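The recommendations above name CVE-2021-26855 and network monitoring, so here is a small log-triage script that flags the two request shapes most associated with ProxyLogon exploitation in public write-ups: an Autodiscover request whose query string carries an `@` (the SSRF stage) and an unauthenticated POST to the ECP `SetObject` endpoint (the web-shell write stage). This is an added example, not code from the article, from Kaspersky, or from The Hacker News. The log lines are constructed for the demo, the field order is an assumed trimmed IIS W3C layout (real logs carry their own `#Fields` header), and the IP addresses are documentation ranges.

```python
"""Flag ProxyLogon-style (CVE-2021-26855 chain) requests in Exchange IIS logs.

Added example; not from the article or the vendors it cites. SAMPLE_LOG is
constructed, and FIELDS is an assumed trimmed W3C layout: adapt parse() to
the #Fields header of your own logs before running this against real data.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumed field order for the constructed sample (real IIS logs have more columns).
FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri-stem",
          "cs-uri-query", "sc-status", "cs-username"]

# Stage 1 of the chain: an Autodiscover request whose query carries '@',
# letting the caller steer the backend request (the SSRF in CVE-2021-26855).
AUTODISCOVER = re.compile(r"/autodiscover/autodiscover\.json", re.I)
# Stage 2: writing a web shell through the ECP SetObject endpoint.
ECP_SETOBJECT = "/ecp/ddi/ddiservice.svc/setobject"

# Constructed sample: two benign lines and one attacker session (198.51.100.23).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs-username
2025-01-07 09:12:01 203.0.113.5 GET /owa/ - 200 jdoe@corp.example
2025-01-07 09:12:09 198.51.100.23 POST /autodiscover/autodiscover.json @corp.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@corp.example 200 -
2025-01-07 09:12:14 198.51.100.23 POST /ecp/DDI/DDIService.svc/SetObject schema=OABVirtualDirectory&msExchEcpCanary=abc 200 -
2025-01-07 09:13:00 203.0.113.5 GET /ecp/ - 200 admin@corp.example
"""


@dataclass
class Hit:
    line_no: int
    client_ip: str
    reason: str


def parse(line: str):
    """Split one W3C line into a dict; skip directives and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def classify(rec: dict):
    """Return a reason string if the record matches a ProxyLogon stage, else None."""
    stem, query = rec["cs-uri-stem"], rec["cs-uri-query"]
    unauthenticated = rec["cs-username"] == "-"
    if AUTODISCOVER.search(stem) and "@" in query:
        return "autodiscover.json with '@' in query (ProxyLogon SSRF shape)"
    if (rec["cs-method"] == "POST" and unauthenticated
            and stem.lower().startswith(ECP_SETOBJECT)):
        return "unauthenticated POST to ECP SetObject (web shell write stage)"
    return None


def scan(log_text: str):
    """Run classify() over every parsable line and collect the hits."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            hits.append(Hit(n, rec["c-ip"], reason))
    return hits


def suspicious_sources(hits):
    """Count hits per client IP so a multi-stage session stands out."""
    return Counter(h.client_ip for h in hits)


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client_ip}: {h.reason}")
    print(suspicious_sources(scan(SAMPLE_LOG)))
```

A single IP producing both stages within seconds is the pattern worth paging on; a lone Autodiscover hit can still be a scanner probing for unpatched hosts, which is itself a prompt to verify the patch level of the server that answered it.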
Read full article: https://thehackernews.com/2025/01/new-eagerbee-variant-targets-isps-and.html
The above summary has been generated by an AI language model
Published on: January 7, 2025