CyberMaterial

Telecoms in the Middle East Under Attack

September 20, 2023

Telecommunication service providers in the Middle East have fallen prey to a novel cyber threat, ShroudedSnooper, which deploys a highly covert backdoor known as HTTPSnoop.

According to Cisco Talos, this intrusion set employs innovative techniques to interface with Windows HTTP kernel drivers and devices, which lets it monitor incoming requests for specific HTTP(S) URLs and execute their content on the compromised endpoints. In addition to HTTPSnoop, the threat actor’s arsenal includes a sister implant named PipeSnoop, which can accept arbitrary shellcode via a named pipe and execute it on the infected system.

ShroudedSnooper appears to focus on exploiting internet-facing servers to gain initial access to targeted environments. Intriguingly, both HTTPSnoop and PipeSnoop disguise themselves as components of Palo Alto Networks’ Cortex XDR application (“CyveraConsole.exe”) in an effort to remain inconspicuous and evade detection.
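A defender can hunt for the masquerading described above by checking every process named like the Cortex XDR console against its expected location and code signature. The following is an added example, not code from the article or from Cisco Talos; the install directory, signer string, record field names and sample records are assumptions to adapt to your own telemetry.

```python
from pathlib import PureWindowsPath

# Assumptions, not taken from the article: adjust to your own deployment.
TARGET_NAME = "cyveraconsole.exe"
EXPECTED_DIR = PureWindowsPath(r"C:\Program Files\Palo Alto Networks\Traps")
EXPECTED_SIGNER = "Palo Alto Networks"

# Constructed process-creation records; field names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "srv01", "signer": "Palo Alto Networks", "sig_valid": True,
     "image": r"C:\Program Files\Palo Alto Networks\Traps\CyveraConsole.exe"},
    {"host": "srv02", "signer": None, "sig_valid": False,
     "image": r"C:\ProgramData\CyveraConsole.exe"},
    {"host": "srv03", "signer": "Palo Alto Networks", "sig_valid": False,
     "image": r"c:\program files\palo alto networks\traps\cyveraconsole.exe"},
    {"host": "srv04", "signer": "Microsoft Windows", "sig_valid": True,
     "image": r"C:\Windows\System32\svchost.exe"},
]


def masquerade_reasons(event):
    """Return why a record looks like a fake TARGET_NAME ([] if it does not)."""
    image = PureWindowsPath(event["image"])
    if image.name.lower() != TARGET_NAME:
        return []  # a different binary, out of scope for this check
    reasons = []
    if image.parent != EXPECTED_DIR:  # PureWindowsPath compares case-insensitively
        reasons.append("unexpected directory")
    signer = event.get("signer") or ""
    if not signer:
        reasons.append("unsigned")
    elif EXPECTED_SIGNER.lower() not in signer.lower():
        reasons.append("unexpected signer")
    elif not event.get("sig_valid", False):
        reasons.append("invalid signature")
    return reasons


def find_masquerades(events):
    """Return (host, image, reasons) for every suspicious record."""
    return [(e["host"], e["image"], r) for e in events if (r := masquerade_reasons(e))]


if __name__ == "__main__":
    for host, image, reasons in find_masquerades(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(reasons)}")
```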

HTTPSnoop comes in three different samples, and it uses low-level Windows APIs to listen for incoming requests that match predefined URL patterns. Shellcode is extracted from these requests and then executed on the compromised host. PipeSnoop, on the other hand, seems to be intended for use within a compromised enterprise environment, suggesting a distinct purpose compared to HTTPSnoop.

This latest threat underscores a concerning pattern of attacks targeting the telecom sector, particularly in the Middle East, over recent years. In previous incidents, various threat actors and collectives, such as Lebanese Cedar, MuddyWater, BackdoorDiplomacy, WIP26, and Granite Typhoon, have conducted espionage campaigns against telecom operators in the region.

These attacks raise significant cybersecurity concerns and highlight the need for robust defenses within the telecommunications industry in the Middle East to protect against emerging and persistent threats like ShroudedSnooper.

Reference:
  • New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants