Threat Post -
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers.
The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that’s been around for quite a while: namely, China-linked Grayfly espionage group.
ESET researchers, who named and discovered the new “SparklingGoblin” advanced persistent threat (APT) actor behind SideWalk, reported at the time that the group is an offshoot of another APT – Winnti Group – first identified in 2013 by Kaspersky.
ESET also said that the SideWalk backdoor is similar to one used by Winnti (aka APT41, Barium, Wicked Panda or Wicked Spider, an APT known for nation state-backed cyberespionage and financial cybercrime) called CrossWalk (Backdoor.Motnug). Both CrossWalk and SideWalk are modular backdoors used to exfiltrate system information and can run
The post SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ originally appeared on Threat Post.