New Windows Backdoor BITSLOTH Uses BITS for Stealthy Communication

August 2, 2024Ravi LakshmananCyber ​​Attack / Windows Security

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that uses the built-in Background Intelligent Transfer Service (BITS) as a command and control (C2) mechanism.

The newly discovered malware has been codenamed BITSLOTH by Elastic Security Labs, which identified it on June 25, 2024 while investigating a cyber attack against the Foreign Ministry of an unnamed South American government. The activity cluster is tracked under the identifier REF8747.

“The most recent iteration of the backdoor at the time of publication has 35 handler functions, including keylogging and screen capture capabilities,” security researchers Seth Goodwin and Daniel Stepanic said. “In addition, BITSLOTH contains many different functions for discovery, enumeration, and command-line execution.”


The tool, believed to have been under development since December 2021, is assessed to be used by threat actors for data collection. Who is behind it is currently unknown, although analysis of the source code has revealed logging functions and strings suggesting the authors may be native Chinese speakers.

Another potential connection to China is the use of an open-source tool called RingQ. RingQ is used to encrypt the malware so that it evades detection by security software; the payload is then decrypted and executed directly in memory.

In June 2024, the AhnLab Security Intelligence Center (ASEC) revealed that vulnerable web servers were being exploited to drop web shells, which were then used to deliver additional payloads, including a cryptocurrency miner, via RingQ. The attacks were attributed to a Chinese-speaking threat actor.

The attack also features the use of STOWAWAY to proxy encrypted C2 traffic over HTTP and a port-forwarding utility called iox, the latter of which was previously used by the Chinese cyber espionage group Bronze Starlight (aka Emperor Dragonfly) in Cheerscrypt ransomware attacks.

BITSLOTH takes the form of a DLL file (“flengine.dll”) that is loaded via DLL side-loading, using a legitimate executable belonging to the Image-Line music production software FL Studio (“fl.exe”).
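
A first triage rule for the side-loading pattern just described, added here as an example and not taken from Elastic's detections or from the malware itself: it scans Sysmon Event ID 7 (ImageLoad) records for an unsigned DLL loaded from the same directory as its host executable when that directory lies outside the Windows and Program Files trees. The records are constructed; the executable and DLL names are the ones the article gives, while the on-disk directories and the protected-root list are assumptions.

```python
"""Triage rule for DLL side-loading over Sysmon Event ID 7 (ImageLoad) records.

Example code added for this article; not Elastic's rule and not part of BITSLOTH.
The records are constructed: the file names fl.exe / flengine.dll come from the
article, the directories and the protected-root list are assumptions. Sysmon's
Signed / SignatureStatus fields describe the loaded image (the DLL)."""
import ntpath  # Windows path rules regardless of the analyst's OS

# Assumption: directories where an unsigned DLL next to its host is less unusual.
PROTECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

SAMPLE_IMAGE_LOADS = [
    # The article's side-load: fl.exe pulling an unsigned flengine.dll from its own folder.
    {"Image": "C:\\Users\\Public\\Music\\fl.exe",
     "ImageLoaded": "C:\\Users\\Public\\Music\\flengine.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    # A genuine install: same file names, but signed and under Program Files.
    {"Image": "C:\\Program Files\\Image-Line\\FL Studio\\fl.exe",
     "ImageLoaded": "C:\\Program Files\\Image-Line\\FL Studio\\flengine.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    # System DLL loaded by a system process.
    {"Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    # Unsigned DLL from a different directory than the host process: a plugin
    # load by this rule's definition, not a side-load.
    {"Image": "C:\\Users\\jdoe\\Desktop\\tool.exe",
     "ImageLoaded": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def _dir_of(path):
    # normcase lowercases and normalises separators so comparisons are stable
    return ntpath.normcase(ntpath.dirname(path)) + "\\"


def is_sideload_candidate(rec):
    """Unsigned DLL, same directory as its host, host outside protected roots."""
    loaded = rec["ImageLoaded"]
    if not loaded.lower().endswith(".dll"):
        return False
    unsigned = (rec.get("Signed", "false").lower() != "true"
                or rec.get("SignatureStatus") != "Valid")
    host_dir, dll_dir = _dir_of(rec["Image"]), _dir_of(loaded)
    return unsigned and host_dir == dll_dir and not host_dir.startswith(PROTECTED_ROOTS)


def find_sideload_candidates(records):
    return [r for r in records if is_sideload_candidate(r)]


if __name__ == "__main__":
    for r in find_sideload_candidates(SAMPLE_IMAGE_LOADS):
        print(f"possible side-load: {r['Image']} loaded {r['ImageLoaded']}")
```

The rule is deliberately narrow: it will miss a side-loaded DLL that carries a valid (stolen or self-issued but trusted) signature, and it will fire on legitimate portable applications that ship unsigned helper DLLs, so treat hits as triage leads and pair them with the host process's parent, network activity and the DLL's hash.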

“In the latest version, the developers added a new scheduling component to control the specific time BITSLOTH should run in the victim’s environment,” the researchers said. “This is a feature we have observed in other modern malware families such as EAGERBEE.”

A full-featured backdoor, BITSLOTH is capable of executing commands, uploading and downloading files, performing enumeration and discovery, and harvesting sensitive data through keylogging and screen capture.

It can also set the communication mode to HTTP or HTTPS, remove or update its persistence configuration, terminate arbitrary processes, log users off the machine, restart or shut down the system, and even update or remove itself from the host. A defining aspect of the malware is its use of BITS for C2.

“This medium is attractive to adversaries because many organizations still struggle to monitor BITS network traffic and detect unusual BITS jobs,” the researchers added.
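
The gap the researchers describe is closable with the telemetry Windows already produces. As an added example, not Elastic's detection logic and not part of the BITSLOTH sample, the script below runs two heuristics over events exported from the Microsoft-Windows-Bits-Client/Operational log: a BITS job whose remote host is not an approved update source (raw IP literals never are), and a job whose start events recur at a near-constant interval, the beaconing pattern a BITS-based C2 channel produces. The records are constructed; the JSON field names (event_id, time, job_title, url, owner) and the approved-host list, including the hypothetical internal patch server, are assumptions.

```python
"""Flag suspicious BITS transfer jobs from exported Microsoft-Windows-Bits-Client/
Operational events.

Example code added for this article; it is not Elastic's detection logic and not
part of the BITSLOTH sample. The records below are constructed, and the field
names (event_id, time, job_title, url, owner) are an assumed shape for events
exported to JSON. Event ID 59 is the "BITS started the ... transfer job" event,
which carries the job title and the remote URL."""
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Assumption: hosts this environment expects BITS jobs to contact. Tune per site.
APPROVED_HOSTS = (
    "windowsupdate.com",
    "microsoft.com",
    "update.corp.example",  # hypothetical internal patch server
)


def _event(event_id, time, job_title, url, owner):
    return {"event_id": event_id, "time": time, "job_title": job_title,
            "url": url, "owner": owner}


# Constructed sample: one ordinary update job, then a job named to look like
# Windows that starts every 60 seconds against a raw IP address.
SAMPLE_EVENTS = [
    _event(59, "2024-06-25T09:00:01", "Windows Update",
           "http://download.windowsupdate.com/d/msdownload/update/x.cab",
           "NT AUTHORITY\\SYSTEM"),
    _event(60, "2024-06-25T09:00:09", "Windows Update",
           "http://download.windowsupdate.com/d/msdownload/update/x.cab",
           "NT AUTHORITY\\SYSTEM"),
] + [
    _event(59, f"2024-06-25T09:{minute:02d}:03", "Microsoft Windows",
           "https://203.0.113.10/updates/check", "CORP\\jdoe")
    for minute in range(1, 6)
]


def host_is_approved(url):
    """True only for a DNS name that is, or is a subdomain of, an approved host.
    Raw IP literals are never approved: update services are reached by name."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    return any(host == h or host.endswith("." + h) for h in APPROVED_HOSTS)


def beaconing_jobs(events, min_starts=4, max_jitter=0.2):
    """Return (owner, job_title, url) keys whose job-start events recur at a
    near-constant interval: coefficient of variation of the gaps <= max_jitter."""
    starts = defaultdict(list)
    for e in events:
        if e["event_id"] == 59:
            key = (e["owner"], e["job_title"], e["url"])
            starts[key].append(datetime.fromisoformat(e["time"]))
    hits = []
    for key, times in starts.items():
        if len(times) < min_starts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append(key)
    return hits


def analyze(events):
    """Produce one finding per (owner, job, url) for each triggered heuristic."""
    findings, reported = [], set()
    for e in events:
        key = (e["owner"], e["job_title"], e["url"])
        if e["event_id"] == 59 and key not in reported and not host_is_approved(e["url"]):
            reported.add(key)
            findings.append({"reason": "unapproved host", "owner": key[0],
                             "job_title": key[1], "url": key[2]})
    for key in beaconing_jobs(events):
        findings.append({"reason": "periodic job starts", "owner": key[0],
                         "job_title": key[1], "url": key[2]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f['reason']:<20} {f['owner']:<20} {f['job_title']!r} -> {f['url']}")
```

On a live host the same jobs can be inspected directly with `bitsadmin /list /allusers /verbose` or, from an elevated PowerShell session, `Get-BitsTransfer -AllUsers`; jobs owned by an interactive user, pointing at an IP address, or carrying a job name that imitates a Microsoft component deserve the same scrutiny as the flagged records above.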
