Researchers hijack thousands of backdoors thanks to expired domains

Posted by: Emma Walker, Sat, 11 Jan

Researchers have uncovered over 4,000 forgotten web backdoors that were still active, despite being abandoned by their operators. The backdoors were identified and neutralized to prevent potential misuse by other threat actors. The discovery was made by experts from watchTowr, who observed that the malware associated with these backdoors was still operational. Some of the backdoors were found on servers belonging to government agencies and universities worldwide, including in China, Thailand, and South Korea. The backdoors were a mix of sophisticated APT-level tools and less advanced implementations, indicating involvement from multiple threat actors. While some backdoors were linked to the notorious Lazarus Group, it was believed they had been repurposed by other attackers. The total number of compromised systems was suspected to be higher than the identified 4,000 backdoors.
