NEW: ShadowPad Backdoor

ShadowPad Backdoor distributed in hundreds of organisations’ critical networks

Kaspersky Lab have identified that software produced and distributed by NetSarang has been compromised to include an encrypted backdoor, named ShadowPad. The compromised software was identified when a financial organisation noticed suspicious DNS requests from a software package produced by NetSarang. The backdoor is remotely activated and allows attackers to upload files to the compromised network, create files and store information in a victim’s registry. Currently one company in Hong Kong is known to have been affected, and the attack is thought to have been facilitated via a supply chain compromise.

Let’s have a look below at how Silobreaker monitors and analyses mentions of ShadowPad Backdoor.

 

Screenshot 1 – Silobreaker Network – Real time link analysis leveraging unstructured open source data to detect connections between products, indicators, locations and actors.


Screenshot 2 – Silobreaker Time Series – Monitoring “ShadowPad Backdoor” stories breaking and developing over time.

 

Screenshot 3 – Silobreaker Heat – Automated monitoring of specific entity types related to ShadowPad Backdoor. In this instance – hashes, domains and countries affected.

 

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
