Hacker groups in Asia have weaponized the networking and pentesting tools in a series of attacks first identified in March 2018, as well as the high-profile SingHealth attack.
Hackers are leveraging Termite and EarthWorm, packet relay tools written by an employee of Beijing-based security research firm 360Netlab, to create a botnet of Internet of Things (IoT) devices, according to a report by AT&T Cybersecurity (formerly AlienVault).
Termite is capable of functioning as a SOCKS proxy, as well as a simple backdoor for file transfer and executing shell commands. Termite is capable of running on a wide variety of architectures, including x86, x86-64, ARM, MIPS(EL), SH-4, PowerPC, SPARC, and M68k, making it a particularly versatile tool for attackers to deploy on low-power IoT devices. Likewise, the small size (200-600 KB) makes it ideal for deployment on these devices, which often have meager internal storage.
Weaponization of these, which were intended as networking and penetration testing utilities, is a recent phenomenon. Kaspersky Lab noted briefly last year that Earthworm, the predecessor to Termite, was used as part of an attack involving the theft of a driver signing certificate of a Chinese IT company.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Botnet
Hacker groups in Asia have weaponized the networking and pentesting tools in a series of attacks first identified in March 2018, as well as the high-profile SingHealth attack.
Hackers are leveraging Termite and EarthWorm, packet relay tools written by an employee of Beijing-based security research firm 360Netlab, to create a botnet of Internet of Things (IoT) devices, according to a report by AT&T Cybersecurity (formerly AlienVault).
Termite is capable of functioning as a SOCKS proxy, as well as a simple backdoor for file transfer and executing shell commands. Termite is capable of running on a wide variety of architectures, including x86, x86-64, ARM, MIPS(EL), SH-4, PowerPC, SPARC, and M68k, making it a particularly versatile tool for attackers to deploy on low-power IoT devices. Likewise, the small size (200-600 KB) makes it ideal for deployment on these devices, which often have meager internal storage.
Weaponization of these, which were intended as networking and penetration testing utilities, is a recent phenomenon. Kaspersky Lab noted briefly last year that Earthworm, the predecessor to Termite, was used as part of an attack involving the theft of a driver signing certificate of a Chinese IT company.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Botnet