Hijack Software Updates to Implant Spyware
#1
Quote: ESET speculates that the attackers "are deploying a network implant in the networks of the victims, possibly on vulnerable network appliances such as routers or gateways."

Quote: "The fact that we found no indications of traffic redirection via DNS might indicate that when the hypothesized network implant intercepts unencrypted HTTP traffic related to updates, it replies with the NSPX30 implant's dropper in the form of a DLL, an executable file, or a ZIP archive containing the DLL."

Quote: The backdoor is downloaded via an HTTP request to Baidu's website www.baidu[.]com, a legitimate Chinese search engine, with an unusual User-Agent string that masquerades the request as originating from the Internet Explorer browser on Windows 98.

Details: https://thehackernews.com/2024/01/china-...tware.html
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
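
A defender-side triage sketch for the two network signals quoted in the post above, added here as an example that is not part of the original post or of ESET's report. It flags binary downloads fetched over plaintext HTTP and requests whose User-Agent claims Internet Explorer on Windows 98. The log format, hostnames, and User-Agent strings are constructed assumptions.

```python
import re
import shlex

# Constructed proxy log lines (not from the article). Assumed field order:
# time client scheme host path status content-type "user-agent"
SAMPLE_LOG = """\
2024-01-25T09:00:01Z 10.0.0.5 https www.example.com / 200 text/html "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/122.0"
2024-01-25T09:00:07Z 10.0.0.8 http update.example.net /client/patch.dll 200 application/octet-stream "ExampleUpdater/2.1"
2024-01-25T09:00:09Z 10.0.0.8 http www.baidu.com / 200 application/octet-stream "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
2024-01-25T09:00:15Z 10.0.0.9 http news.example.org /index.html 200 text/html "Mozilla/5.0 (X11; Linux x86_64) Firefox/122.0"
2024-01-25T09:00:20Z 10.0.0.9 https update.example.net /client/setup.exe 200 application/octet-stream "ExampleUpdater/2.1"
"""

# A client claiming to be Internet Explorer on Windows 98. Illustrative pattern:
# the quoted text does not give the exact string.
LEGACY_UA = re.compile(r"MSIE\b.*\b(Windows 98|Win98|Win 9x)", re.I)
# File types the quoted text lists as dropper formats.
PAYLOAD_EXT = re.compile(r"\.(dll|exe|zip)$", re.I)

def parse(line):
    """Split one constructed log line into named fields."""
    ts, client, scheme, host, path, status, ctype, ua = shlex.split(line)
    return dict(ts=ts, client=client, scheme=scheme, host=host, path=path,
                status=int(status), ctype=ctype, ua=ua)

def findings(log_text):
    """Return (client, host, reason) tuples for requests worth triage."""
    out = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        if LEGACY_UA.search(r["ua"]):
            out.append((r["client"], r["host"], "legacy-ie-win98-user-agent"))
        # The quoted text describes interception of unencrypted HTTP update
        # traffic, so only plaintext requests are flagged here.
        if r["scheme"] == "http" and r["status"] == 200 and PAYLOAD_EXT.search(r["path"]):
            out.append((r["client"], r["host"], "plaintext-binary-download"))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(*finding)
```

Both hits in the sample come from the same client, which is the correlation worth checking first: an updater fetching a binary over HTTP followed by a legacy-browser request from the same host.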
#2
This is really nicely explained. Thanks, Ivan.