September 22, 2023

The most popular VLC media player has been malvertised by threat actor CICADA aka APT10 for distributing malware and spy on government agencies and adjacent organizatation researchers have warned.

Victims are located mostly located in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy. Cicada in general targets Japan, but now since it’s targetting more countries it shows attack horizon brodened.

Advertisements

The malware used as part of this latest round of attacks does not have a name, but researchers from Symantec, who were responsible for the discovery, believe it’s being used for espionage.

Apparently, the threat actor, which seems to be of Chinese origin, used a known Microsoft Exchange server vulnerability to gain initial access. The campaign started in mid-2021 and could still be ongoing. 

The attackers “side-loaded” the malware, using a clean version of VLC with a malicious DLL file in the same path as the media player’s export functions. Cicada also deployed a WinVNC server for remote control and the Sodamaster backdoor that collects data on system details and active running process in the system

Tags:

Leave a Reply

You may have missed

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023
%d bloggers like this: