
New Moriya Rootkit Targeting Windows Discovered


Kaspersky Lab experts have discovered a rare type of malware: the Moriya rootkit. Since the release of Windows 10, the security of the OS has noticeably improved, so in recent years it has become much harder to develop and successfully use rootkits.

The researchers write that Moriya is designed for Windows and has existed since at least 2018, but until recently the rootkit went unnoticed. According to the company, during this time it was used only in a small number of narrowly targeted attacks (fewer than a dozen victims so far). The most notable victims were two major regional diplomatic organizations in Southeast Asia and Africa; the remainder were in South Asian countries.

Who created the rootkit is unknown, but the researchers believe a Chinese cyber-espionage group is behind the malware.

“We rely on the fact that targets of attacks have previously been attacked by Chinese-speaking attackers and are usually located in countries that are often targeted by such criminals. In addition, the tools used by the attackers, including China Chopper, BOUNCER, Termite and Earthworm, are additional indicators to support our hypothesis, as they were previously used in campaigns attributed to prominent Chinese groups,” the report reads.

One reason Moriya went unnoticed for so long is that it relies on a well-known tactic: it sits between the Windows TCP/IP network stack and incoming network traffic and intercepts packets before they reach the operating system, and therefore before any locally installed antivirus sees them.
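A rootkit that filters traffic underneath the TCP/IP stack has to run kernel code, which on modern Windows means loading a driver. The following hunting script is an added example written for this article; it is not code from Kaspersky, from the article, or from the Moriya sample, and it assumes only that the rootkit is implemented as a kernel driver (the article does not name the driver or its path, so no Moriya-specific indicators are used). It lists the currently running kernel drivers and flags any whose image is missing or not carrying a valid signature, which gives a starting point for comparing a host against a known-good baseline.

```powershell
# Added hunting example (not from the article or Kaspersky): enumerate running
# kernel drivers and flag images that are missing or not validly signed.
# Assumes the rootkit loads as a kernel driver. Run from an elevated session.

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$findings = foreach ($d in $drivers) {
    # PathName can be quoted or use \??\ , \SystemRoot\ or System32\ prefixes; normalize it
    $path = $d.PathName -replace '^"(.*)"$', '$1'
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"

    if (-not (Test-Path -LiteralPath $path)) {
        # A running driver whose file is gone on disk is worth a closer look on its own
        [pscustomobject]@{ Name = $d.Name; Path = $path; Status = 'ImageMissing'; Signer = $null }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Name   = $d.Name
        Path   = $path
        Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject   # who signed the image, if anyone
    }
}

# Everything that is not 'Valid' is a candidate for manual review or baseline comparison
$findings | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Name | Format-Table -AutoSize
```

Get-AuthenticodeSignature resolves catalog-signed inbox drivers as well as embedded signatures, so a clean Windows host should produce an empty or very short list; the useful signal is a driver that appears here on one machine and not on a peer with the same build, which is why the output is meant to be diffed against a baseline rather than read in isolation.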

Moriya architecture

To infiltrate the network of an organization of interest and install Moriya, the attackers typically compromised vulnerable IIS web servers. For example, in one of the confirmed attacks, the entry point was a server that had not been patched against the old CVE-2017-7269 vulnerability. Exploiting this bug, the attackers installed a web shell on the server and then used it to deploy Moriya.
