Technology NewsNew Backdoor Created Using Leaked CIA's Hive Malware Discovered...

New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild

-


Jan 16, 2023Ravie LakshmananThreat Landscape / Malware

New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)’s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017.

“This is the first time we caught a variant of the CIA Hive attack kit in the wild, and we named it xdr33 based on its embedded Bot-side certificate CN=xdr33,” Qihoo Netlab 360’s Alex Turing and Hui Wang said in a technical write-up published last week.

xdr33 is said to be propagated by exploiting a security vulnerability in the F5 appliance and communicating with a command-and-control (C2) server using SSL with forged Kaspersky certificates.

The intent of the backdoor, per the Chinese cybersecurity firm, is to harvest sensitive information and act as a launchpad for subsequent intrusions. It improves upon Hive by adding new C2 instructions and functionalities, among other implementation changes.

The ELF sample further operates as a Beacon by periodically exfiltrating system metadata to the remote server and executing commands issued by the C2.

CIA's Hive Malware
CIA's Hive Malware

This includes the ability to download and upload arbitrary files, run commands using cmd, and launch shell, in addition to updating and erasing traces of itself from the compromised host.

The malware also incorporates a Trigger module that’s designed to eavesdrop on network traffic for a specific “trigger” packet in order to extract the C2 server mentioned in the IP packet’s payload, establish connection, and wait for the execution of commands issued by the C2.

“It is worth noting that Trigger C2 differs from Beacon C2 in the details of communication; after establishing an SSL tunnel, [the] bot and Trigger C2 use a Diffie-Helllman key exchange to establish a shared key, which is used in the AES algorithm to create a second layer of encryption,” the researchers explained.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.



LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Feb 03, 2023Ravie LakshmananAutomotive Security / Vulnerability Two new security weaknesses discovered in several electric vehicle (EV) charging systems...

Big Tech’s earnings show the digital ad market isn’t over yet

After a challenging 2022 in which advertising-dependent companies faced shrinking budgets and falling stock prices, this week's fourth-quarter...

You can now use the Elgato Stream Deck to control your Microsoft Teams meetings

Microsoft has released a Teams plugin for the Elgato Stream Deck, making it possible to add meeting controls...

for only 34.99 euros it is the smartest purchase

If you want to build a smart home, this Amazon speaker is one of the best purchases you...

Mushroom Risotto | The Recipe Critic

This website may contain affiliate links and advertising so that we can provide recipes to you. Read my...

Xiaomi Redmi 10 Power (Sporty Orange, 8GB RAM, 128GB Storage)

Price: (as of - Details) Xiaomi Redmi 10 Power (Sporty Orange, 8GB RAM, 128GB Storage)Camera: 50 MP Primary...

Must read

பாக்டீரியாவால் தயாரிக்கப்பட்ட நானோவைர் காலநிலை மாற்றத்தை எதிர்த்துப் போராடுவதற்கான முக்கிய தடயங்களை வழங்குகிறது

மின்சாரம் தயாரிக்கும் பயோஃபில்ம்களுக்குப் பயன்படுத்தப்படும் மின்சார புலத்திற்கு பதில் ஜியோபாக்டரால்...