Sunday, October 18, 20:23

Palmerworm hackers have been hiding in corporate networks for months

Symantec reports that attacks on organizations in the US, Japan, Taiwan and China were carried out for the purpose of stealing information and have been associated with an espionage group known as Palmerworm, also known as BlackTech, which has been around since 2013.

In some cases, the Palmerworm team maintained its presence on compromised networks for a year or more, often with the help of tactics that exploit legitimate software and tools, so as not to raise suspicions that something might be wrong. This also leaves less evidence that can be used to trace the origin of the attack.

Investigators have not been able to determine how the hackers gained access to the network in this latest round of Palmerworm attacks, but previous campaigns have used spear-phishing tactics to compromise the victims.

However, it is known that the malware uses custom loaders and network authentication tools similar to those of previous Palmerworm campaigns, with investigators "quite confident" that the same team is behind these attacks.

Palmerworm malware also uses stolen code signing certificates in its payloads to make them look more legitimate. This tactic is also known to have been employed previously by the team.

The malware provides the intruders with a secret backdoor to the network, and access is maintained using many legitimate tools, including PsExec and SNScan, which are exploited to move around the network without being detected. Meanwhile, WinRAR is used to compress files, making it easier for the intruders to extract them from the network.

Symantec has not attributed Palmerworm to any specific location, but Taiwanese officials have previously claimed that the attacks can be connected to China. If so, it suggests that Chinese hackers have targeted a Chinese company as part of the campaign.

What is certain, however, is that the Palmerworm team is unlikely to stop working and will remain a threat for many years to come.

While the nature of advanced hacking campaigns means that they can be difficult to detect, organizations can protect themselves by having a clear picture of their network and knowing what activity is common and what is unusual, and by blocking suspicious activity if necessary.
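As an added illustration (not code from Symantec or from this article), the sketch below applies that baseline idea to the dual-use tools named above: it alerts when one of them runs on a host where it has not been seen before, and again when an archiver follows other newly seen tooling on the same host. The event tuples, host and user names, file names and the one-hour window are constructed assumptions, and matching on file names alone misses renamed binaries.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Dual-use tools named in the article; the file names are assumptions of this sketch.
TOOLS = {"psexec.exe": "remote-exec", "psexec64.exe": "remote-exec",
         "snscan.exe": "snmp-scan", "winrar.exe": "archive", "rar.exe": "archive"}

# Constructed process-creation events: (ISO timestamp, host, user, image path).
BASELINE = [
    ("2020-09-01T09:00:00", "ADM01", "it-admin", r"C:\Tools\PsExec.exe"),
    ("2020-09-02T10:00:00", "WS07", "alice", r"C:\Program Files\WinRAR\WinRAR.exe"),
]
EVENTS = [
    ("2020-09-28T09:05:00", "ADM01", "it-admin", r"C:\Tools\PsExec.exe"),
    ("2020-09-28T02:10:00", "SRV03", "svc-backup", r"C:\Users\Public\snscan.exe"),
    ("2020-09-28T02:12:00", "SRV03", "svc-backup", r"C:\Windows\System32\cmd.exe"),
    ("2020-09-28T02:25:00", "SRV03", "svc-backup", r"C:\ProgramData\PsExec.exe"),
    ("2020-09-28T02:40:00", "SRV03", "svc-backup", r"C:\ProgramData\rar.exe"),
    ("2020-09-28T11:00:00", "WS07", "alice", r"C:\Program Files\WinRAR\WinRAR.exe"),
]

def tool_of(image):
    """Map an image path to a tool category, or None if it is not on the list."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return TOOLS.get(name)

def detect(events, baseline, window=timedelta(hours=1)):
    """Alert on tools new to a host, and on archiving that follows other new tooling."""
    known = {(h, tool_of(i)) for _, h, _, i in baseline if tool_of(i)}
    recent = defaultdict(list)  # host -> [(time, category)] of newly seen tools
    alerts = []
    for ts, host, user, image in sorted(events):
        cat = tool_of(image)
        if cat is None or (host, cat) in known:
            continue  # not a listed tool, or normal for this host
        now = datetime.fromisoformat(ts)
        alerts.append((host, user, cat, "first-seen"))
        others = [c for t, c in recent[host] if now - t <= window and c != "archive"]
        if cat == "archive" and others:
            alerts.append((host, user, cat, "staging-after-tooling"))
        recent[host].append((now, cat))
        known.add((host, cat))  # alert once per host and category
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```
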

