BleepingComputer reports that a custom BPFDoor malware implant has been used mainly against telecommunications providers, and that its operators exploited an old security vulnerability in Solaris systems to escalate privileges.
According to a report from CrowdStrike, BPFDoor (tracked by CrowdStrike as JustForFun) was developed by the threat actor DecisiveArchitect, which exploited a three-year-old flaw in the Solaris operating system's XScreenSaver component to gain root-level permissions. The report also shows that DecisiveArchitect's tactics, techniques, and procedures have since been extended to Linux targets: on Linux hosts the actor uses the LD_PRELOAD environment variable to load the malware into the /sbin/agetty process.
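The two Linux artifacts named above, an LD_PRELOAD variable in a process environment and a foreign shared object mapped into /sbin/agetty, can both be read straight out of /proc. The script below is an added example written for this page, not code from CrowdStrike, BleepingComputer or the BPFDoor authors: it applies those two checks, plus a look at the system-wide /etc/ld.so.preload, to a process snapshot. The trusted library directories, the watched binary name and the sample process data (including the library path /dev/shm/preload_demo.so) are constructed for the illustration and are not indicators from the report.

```python
#!/usr/bin/env python3
"""Flag Linux processes that may have had a shared object preloaded into them.

Added example for this article, not CrowdStrike's or BleepingComputer's code.
The trusted directories, the watched binary and the sample data are assumptions.
"""
import os
from typing import Any, Dict, List, Tuple

# Directories a legitimate getty should load its libraries from
# (assumption: adjust to your distribution's layout).
TRUSTED_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")
# Binaries the report says the implant is loaded into (assumption: extend as needed).
WATCHED_BINARIES = ("agetty",)

# One process snapshot: argv from /proc/<pid>/cmdline, environment from
# /proc/<pid>/environ, and the file-backed paths from /proc/<pid>/maps.
Proc = Dict[str, Any]
Finding = Tuple[int, str]


def _trusted(path: str) -> bool:
    return any(path.startswith(d + "/") for d in TRUSTED_LIB_DIRS)


def find_preload_suspects(procs: Dict[int, Proc], ld_so_preload: str = "") -> List[Finding]:
    """Return (pid, reason) pairs; pid 0 stands for the system-wide /etc/ld.so.preload."""
    findings: List[Finding] = []
    # /etc/ld.so.preload is applied to every dynamically linked process,
    # so any non-empty, non-comment entry deserves triage.
    entries = [ln.strip() for ln in ld_so_preload.splitlines()
               if ln.strip() and not ln.strip().startswith("#")]
    if entries:
        findings.append((0, "/etc/ld.so.preload lists " + ", ".join(entries)))
    for pid, p in sorted(procs.items()):
        argv, env, maps = p["argv"], p["environ"], p["maps"]
        # Check 1: LD_PRELOAD present in the process environment.
        if "LD_PRELOAD" in env:
            findings.append((pid, f"LD_PRELOAD={env['LD_PRELOAD']} in environment of {argv[0]}"))
        # Check 2: a watched binary has a shared object mapped from outside the
        # trusted library directories.
        if os.path.basename(argv[0]) in WATCHED_BINARIES:
            foreign = sorted(m for m in set(maps)
                             if ".so" in os.path.basename(m) and not _trusted(m))
            if foreign:
                findings.append((pid, f"{argv[0]} maps untrusted library {', '.join(foreign)}"))
    return findings


def read_proc_snapshot(proc_root: str = "/proc") -> Dict[int, Proc]:
    """Collect the same fields from a live /proc (root is needed to read other users' environ)."""
    procs: Dict[int, Proc] = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        base = os.path.join(proc_root, name)
        try:
            with open(os.path.join(base, "cmdline"), "rb") as f:
                argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
            with open(os.path.join(base, "environ"), "rb") as f:
                environ = dict(kv.decode(errors="replace").split("=", 1)
                               for kv in f.read().split(b"\0") if b"=" in kv)
            maps: List[str] = []
            with open(os.path.join(base, "maps")) as f:
                for line in f:
                    parts = line.split(None, 5)
                    if len(parts) == 6 and parts[5].startswith("/"):
                        maps.append(parts[5].strip())
        except OSError:
            continue  # process exited, or permission denied
        if argv:  # kernel threads have an empty cmdline
            procs[int(name)] = {"argv": argv, "environ": environ, "maps": maps}
    return procs


# Constructed sample snapshot (not real indicators): one clean getty, one getty
# with a preloaded library, and an unrelated sshd session.
SAMPLE_PROCS: Dict[int, Proc] = {
    412: {"argv": ["/sbin/agetty", "-o", "-p", "--", "\\u", "--noclear", "tty1", "linux"],
          "environ": {"PATH": "/usr/sbin:/usr/bin"},
          "maps": ["/usr/sbin/agetty", "/usr/lib/x86_64-linux-gnu/libc.so.6",
                   "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2"]},
    977: {"argv": ["/sbin/agetty", "--noclear", "tty2", "linux"],
          "environ": {"PATH": "/usr/sbin:/usr/bin", "LD_PRELOAD": "/dev/shm/preload_demo.so"},
          "maps": ["/usr/sbin/agetty", "/dev/shm/preload_demo.so",
                   "/usr/lib/x86_64-linux-gnu/libc.so.6"]},
    1300: {"argv": ["sshd: user@pts/0"], "environ": {},
           "maps": ["/usr/sbin/sshd", "/usr/lib/x86_64-linux-gnu/libc.so.6"]},
}
SAMPLE_LD_SO_PRELOAD = ""

if __name__ == "__main__":
    for pid, reason in find_preload_suspects(SAMPLE_PROCS, SAMPLE_LD_SO_PRELOAD):
        print(f"[{pid}] {reason}")
```

Run it as root to replace the sample with `read_proc_snapshot()` and the contents of /etc/ld.so.preload. Treat hits as triage leads rather than verdicts: LD_PRELOAD is also set legitimately by some allocator and profiling wrappers, and an implant that only renames its own argv to look like /sbin/agetty will not be caught by the maps check, so compare /proc/<pid>/exe against the claimed command line as a further step.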
"DecisiveArchitect exhibits a high degree of operational security as part of their tactics to make it more difficult for defenders to identify and investigate their activity through the use of various defense evasion techniques," said CrowdStrike, which also detailed indicators of compromise in its report.