1 min read

New Nebulae Backdoor Linked with the NAIKON Group


DLL hijacking is a malware execution technique that hardly needs an introduction. But while spotting a DLL hijacking vulnerability would earn most security researchers a bounty or a mention in a hall of fame, our investigation of sideloading techniques in several vulnerable applications led to the discovery of a long-running operation by a notorious APT group known as NAIKON.
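The mechanism sideloading abuses is the Windows DLL search order: with SafeDllSearchMode enabled (the default), the loader looks in the application's own directory before System32, so a DLL planted next to a legitimate, signed executable wins over the system copy of the same name. The script below is an added illustration, not code from the original post or from the whitepaper; it models that search order over a constructed in-memory directory listing and flags two classes of finding: an import that a local DLL already shadows ("sideload") and an import that a DLL dropped into the application directory would take over ("hijackable"). The `KNOWN_DLLS` set is a constructed stand-in for the registry's KnownDLLs list, which the loader always serves from System32 regardless of search order, and `SIGNED` is a constructed stand-in for a signature check.

```python
"""Model of the Windows DLL search order (SafeDllSearchMode on) and a scanner
for DLL sideloading candidates. Constructed example; the file system is a set
of lower-cased paths standing in for a real directory listing."""
from __future__ import annotations

from pathlib import PureWindowsPath
from typing import Iterable, Optional

WINDOWS_DIR = r"C:\Windows"


def search_order(app_dir: str, windows_dir: str = WINDOWS_DIR,
                 cwd: Optional[str] = None, path_dirs: Iterable[str] = ()) -> list[str]:
    """Directories the loader probes, in order, when SafeDllSearchMode is on.
    The application directory comes first; the current directory is demoted
    to after the Windows directory; PATH entries come last."""
    order = [app_dir, windows_dir + r"\System32", windows_dir + r"\System", windows_dir]
    if cwd:
        order.append(cwd)
    order.extend(path_dirs)
    return order


def resolve_dll(name: str, app_dir: str, fs: set[str], known_dlls: set[str],
                windows_dir: str = WINDOWS_DIR) -> Optional[str]:
    """Return the path the loader would map for `name`, or None if absent.
    KnownDLLs bypass the search order and always come from System32."""
    lname = name.lower()
    if lname in known_dlls:
        candidate = str(PureWindowsPath(windows_dir + r"\System32", lname))
        return candidate if candidate.lower() in fs else None
    for d in search_order(app_dir, windows_dir):
        candidate = str(PureWindowsPath(d, lname))
        if candidate.lower() in fs:
            return candidate
    return None


def sideload_candidates(app_dir: str, imports: Iterable[str], fs: set[str],
                        known_dlls: set[str], signed: set[str] = frozenset(),
                        windows_dir: str = WINDOWS_DIR) -> list[dict]:
    """Flag imports of an executable in `app_dir`.

    'sideload'   : a local copy in app_dir shadows a same-named system DLL.
    'hijackable' : the import is satisfied from a system directory but is not
                   a KnownDLL, so a DLL planted in app_dir would be loaded
                   instead (requires write access to app_dir)."""
    findings = []
    for name in imports:
        lname = name.lower()
        resolved = resolve_dll(name, app_dir, fs, known_dlls, windows_dir)
        if resolved is None:
            continue
        local = str(PureWindowsPath(app_dir, lname)).lower()
        if resolved.lower() == local:
            # Does a system directory also carry this name?
            shadows = [d for d in search_order(app_dir, windows_dir)[1:]
                       if str(PureWindowsPath(d, lname)).lower() in fs]
            if shadows:
                findings.append({"dll": lname, "kind": "sideload",
                                 "loaded_from": resolved, "shadows": shadows[0],
                                 "signed": resolved.lower() in signed})
        elif lname not in known_dlls:
            findings.append({"dll": lname, "kind": "hijackable",
                             "loaded_from": resolved, "plant_at": local})
    return findings


# --- constructed sample data (not real telemetry) -------------------------
APP_DIR = r"C:\Program Files\VendorApp"
FS = {
    r"c:\program files\vendorapp\vendorapp.exe",   # legitimate signed host EXE
    r"c:\program files\vendorapp\version.dll",     # unsigned copy next to the EXE
    r"c:\windows\system32\version.dll",
    r"c:\windows\system32\kernel32.dll",
    r"c:\windows\system32\dbghelp.dll",
}
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll"}   # constructed subset
SIGNED = {r"c:\program files\vendorapp\vendorapp.exe", r"c:\windows\system32\version.dll"}
IMPORTS = ["KERNEL32.dll", "VERSION.dll", "dbghelp.dll"]   # from the EXE's import table


def demo() -> list[dict]:
    return sideload_candidates(APP_DIR, IMPORTS, FS, KNOWN_DLLS, SIGNED)


if __name__ == "__main__":
    for f in demo():
        print(f)
```

Running `demo()` reports `version.dll` as a sideload (an unsigned local copy shadows the System32 one) and `dbghelp.dll` as hijackable, while `kernel32.dll` is never flagged because it is a KnownDLL. On a real host the model is only a first filter: the loader also honours application manifests, `.local` redirection, `SetDllDirectory`/`LoadLibraryEx` flags and full-path loads, so confirm candidates with a loaded-module view (for example Process Monitor or `tasklist /m`) before treating them as exploitable.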

Unlike previous NAIKON operations, the one documented in the whitepaper below features a secondary backdoor that plays an important role in persistence. We named it Nebulae.

Who is NAIKON?

NAIKON is a threat actor that has been active for more than a decade. Likely tied to China, the group focuses on high-profile targets such as government agencies and military organizations in the South Asia region.

Targets

During our investigation, we identified the victims of this operation as military organizations located in Southeast Asia. The malicious activity was conducted between June 2019 and March 2021. At the beginning of the operation, the threat actors used the Aria-Body loader and Nebulae as the first stage of the attack. From our observations, starting in September 2020 the threat actors added the RainyDay backdoor to their toolkit. The purpose of this operation was cyber-espionage and data theft.

Mitigation

Bitdefender enables organizations to contend with APT-style attacks with GravityZone endpoint detection and response (EDR) and managed detection and response (MDR) services that apply the MITRE ATT&CK framework for identifying and remediating security incidents throughout the entire attack kill chain.

For more detailed information about the investigation, please check out the full paper below:

Download the whitepaper
