HomeNewsFortinet, Ivanti zero-day victims face developed persistence by the espionage actor

Fortinet, Ivanti zero-day victims face developed persistence by the espionage actor

“REPTILE seemed to be the rootkit of selection by UNC3886 because it was noticed being deployed instantly after getting access to compromised endpoints,” Mandiant added. “REPTILE is an open-source Linux rootkit, applied as a loadable kernel module (LKM), that gives backdoor entry to a system.”

MEDUSA, too, is an open-source rootkit with capabilities of logging person credentials from profitable authentications, both regionally or remotely, and command executions. “These capabilities are advantageous to UNC3886 as their modus operandi to maneuver laterally utilizing legitimate credentials,” Mandiant added.

Utilizing a trusted third occasion as C2

The risk actor was seen utilizing malware, similar to MOPSLED and RIFLESPINE, which exploits trusted third-party companies together with GitHub and Google Drive as command-and-control (C2) channels, whereas relying on rootkits for sustaining persistence.

See also  Cato Networks extends SASE platform with digital expertise monitoring
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular