
Middle East subjected to Eagerbee backdoor attacks

BleepingComputer reports that Middle Eastern government entities and internet service providers have been targeted with attacks involving novel Eagerbee malware framework variants that may be associated with the CoughingDown threat operation.

Eagerbee had previously been deployed against South Asian organizations by exploiting the Microsoft Exchange ProxyLogon bug, tracked as CVE-2021-26855. In the intrusions analyzed by Sophos researchers, the attackers delivered a payload-loading injector that executes at system start and then abuses the Themes, SessionEnv, MSDTC, and IKEEXT services to write the backdoor into memory. After gathering operating system information, network addresses, and other details, Eagerbee creates a TCP/SSL channel that enables injection of the File Manager Plugin, used for file permission modifications and volume label management; the Process Manager Plugin, used for command line execution; and the Remote Access Manager, Service Manager, and Network Manager plugins, the researchers said. Immediate patching of Exchange servers vulnerable to ProxyLogon has been recommended.
