Monday, July 4, 2022
W-SE (Web - SEcurity)
Winnti Group Uses New PortReuse Malware Against Asian Manufacturer

by Melina Richardson, in Malware, Security

Winnti Group hackers have added a new modular Windows backdoor to their arsenal and used it to infect servers belonging to a high-profile Asian mobile hardware and software manufacturer.

The group's ShadowPad malware has also been updated, with randomised module identifiers and additional obfuscation being the most noticeable changes, according to ESET researchers who have been tracking the group's attacks throughout the year.

This Chinese state-sponsored threat group (also tracked as Blackfly and Suckfly by Symantec, Wicked Panda by CrowdStrike, BARIUM by Microsoft and APT41 by FireEye) has been active since at least 2011, when Kaspersky exposed the Winnti Trojan after finding it on a large number of compromised systems at gaming companies.

A supply-chain attack on a video game developer was found to be behind that large-scale campaign, which allowed the malware to be distributed through a game's official update server.

[Image: Winnti Group artefacts and TTPs]

New Windows backdoor used in attacks

ESET researchers, who spotted the Winnti Group's latest malware, dubbed PortReuse, describe it as a "network implant that injects itself into a process that is already listening on a network port, waiting for an incoming magic packet to trigger the malicious code."

If an incoming packet is not recognised as the trigger for its malicious action, PortReuse does not interfere with the affected server's traffic: every uninteresting packet is passed on to the legitimate application that should receive it.

The backdoor is delivered in several forms: as a .NET application that launches the Winnti packer shellcode, as a VBScript that runs the shellcode through a .NET object, or as an "executable that has shellcode at its entry point." PortReuse also has no need for a command and control (C2) server: its NetAgent listener is injected into a legitimate process, where it passively waits for the operator's magic packet.

[Image: PortReuse architecture]

"In order to parse incoming data to look for a magic packet, two strategies are used: hooking the receiving function (WSARecv or even the lower-level NtDeviceIoControlFile) or registering a handler for a specific URL resource on an IIS server by means of a URLPrefix using HttpAddUrl," notes ESET.

ESET researchers have also found several PortReuse variants, each configured for a different port and service: DNS over TCP (53), HTTP (80), HTTPS (443), Remote Desktop Protocol (3389) and Windows Remote Management (5985).

Among the detected variants, ESET also found one that is port-agnostic: "it parses the TCP header and activates only if the source port is less than 22."
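The passive magic-packet gating described above, together with the port-agnostic variant's source-port check, as an added example that is not ESET's code and not code recovered from the malware: the first half models what such an implant does with each incoming TCP segment (trigger on a source port below 22, otherwise hand the segment to the legitimate application untouched), and the second half turns the same observation into a detection rule run over connection records. The threshold of 22 comes from ESET's description; the packet bytes, the log lines and the Zeek-style column names are constructed for this example and are assumptions, not data from the page.

```python
"""PortReuse-style magic-packet gating and a matching network detection.

Added example, not code from ESET or from the malware. The packet bytes,
the flow records and the Zeek-like column names are constructed here.
"""
import struct
from typing import Callable, Dict, List, Tuple

TCP_MIN_HEADER = 20          # TCP header without options
TRIGGER_SOURCE_PORT = 22     # port-agnostic variant fires when sport < 22 (per ESET)


def tcp_ports(segment: bytes) -> Tuple[int, int]:
    """Read (source port, destination port) from the first 4 bytes of a TCP header."""
    if len(segment) < TCP_MIN_HEADER:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    return sport, dport


def is_trigger(segment: bytes, threshold: int = TRIGGER_SOURCE_PORT) -> bool:
    """The port-agnostic variant's check: activate only if the source port is below 22."""
    sport, _ = tcp_ports(segment)
    return sport < threshold


def dispatch(segment: bytes,
             legit_handler: Callable[[bytes], str],
             implant_handler: Callable[[bytes], str]) -> str:
    """Passive-listener behaviour: anything that is not the magic packet is handed
    to the legitimate application untouched, so normal service is not disturbed."""
    if is_trigger(segment):
        return implant_handler(segment)
    return legit_handler(segment)


def build_tcp_header(sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Minimal 20-byte TCP header (SYN by default, checksum left at zero).
    Only used to construct sample segments; nothing here is transmitted."""
    data_offset_and_flags = (5 << 12) | flags     # 5 x 32-bit words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       data_offset_and_flags, 65535, 0, 0)


# Detection side. Legitimate clients connect from ephemeral source ports
# (>= 1024, usually 49152 and up), so a TCP connection to a listening service
# from source port 0-21 is a strong anomaly worth alerting on, whichever
# service port the implant happens to be riding on. Constructed sample data:
SAMPLE_CONN_LOG = """\
ts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state
1570000001.1\t203.0.113.10\t51234\t192.0.2.5\t443\ttcp\tSF
1570000002.2\t203.0.113.11\t7\t192.0.2.5\t443\ttcp\tSF
1570000003.3\t203.0.113.12\t49876\t192.0.2.5\t3389\ttcp\tS0
1570000004.4\t203.0.113.13\t21\t192.0.2.6\t80\ttcp\tSF
1570000005.5\t203.0.113.14\t5\t192.0.2.6\t53\tudp\tSF
"""


def low_source_port_flows(conn_log: str,
                          threshold: int = TRIGGER_SOURCE_PORT) -> List[Dict[str, str]]:
    """Return the TCP records whose originator (client) port is below the threshold.
    UDP is ignored because the variant in question parses the TCP header."""
    lines = conn_log.strip().splitlines()
    columns = lines[0].split("\t")
    hits = []
    for line in lines[1:]:
        rec = dict(zip(columns, line.split("\t")))
        if rec["proto"] == "tcp" and int(rec["id.orig_p"]) < threshold:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    magic = build_tcp_header(sport=7, dport=443)
    normal = build_tcp_header(sport=51234, dport=443)
    print("magic  ->", dispatch(magic, lambda s: "IIS", lambda s: "implant"))
    print("normal ->", dispatch(normal, lambda s: "IIS", lambda s: "implant"))
    for hit in low_source_port_flows(SAMPLE_CONN_LOG):
        print("ALERT low source port:", hit["id.orig_h"], hit["id.orig_p"],
              "->", hit["id.resp_h"], hit["id.resp_p"])
```

The detection rule is deliberately independent of the destination port: the variants ESET lists sit on 53, 80, 443, 3389 and 5985, and a new variant could sit on anything, but the operator's trigger packet still has to arrive from a source port no normal client would use. On a network sensor that already records client ports (Zeek's id.orig_p, or the equivalent NetFlow field), the same filter costs nothing to run continuously.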

Compromised Asian manufacturer

ESET identified one company whose servers were infected with a PortReuse variant that injects itself into Microsoft IIS. That variant can be fingerprinted remotely with a single GET request by checking the Server and Content-Length headers of the response, so ESET researchers asked Censys to run an Internet-wide scan for servers that answer the way the sample does.

"We found all eight of these IP addresses belonging to a single company: a leading Asian-based mobile hardware and software manufacturer," said ESET. "We have informed the company and are working with the victims to resolve the situation." "It is possible that by compromising the enterprise, the Winnti Group is planning a devastating supply-chain attack," the researchers said.

Further information about the Winnti Group's new and updated malware can be found in ESET's blog post and in their Winnti Group white paper.

Melina Richardson

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.

© 2020 w-se.com - Powered by Fix Hacked Website, Cyber Special , SSL Authority Reviews Powered by Mr.Perfect Reviews.
