Threat Intelligence, Malware

Thousands of deserted backdoors disrupted

(Image Credit: Jasmin Merdan via Getty Images)

BleepingComputer reports that more than 4,000 live web backdoors neglected by threat actors have been identified, taken over, and eventually dismantled following the registration of expired domains.

Included in the discovered web shells were China Chopper — which is a fixture among advanced persistent threat operations — c99shell, and r57shell, as well as a backdoor with Lazarus Group-like capabilities, according to a report from WatchTowr Labs. The backdoors were noted to have compromised several government organizations in China, Bangladesh, and Nigeria, as well as universities and higher education entities in China, South Korea, and Thailand. Ownership of all 40 expired domains that were registered to identify and take control of the web shells has been passed on to The Shadowserver Foundation, which has since sinkholed the backdoors' communication infrastructure, said WatchTowr Labs researchers. The findings were noted to indicate that expired domains may be reused in future cyberattacks.
