SockDetour Backdoor Infiltrates US Defense Contractors Networks
Backdoor malware named SockDetour has been found on systems belonging to US defense contractors. According to Unit 42 researchers, SockDetour is a backup backdoor that the threat actors used to maintain access to the victims' networks. It has been hard to spot because it operates "filelessly and socketlessly" on infected Windows servers: rather than opening its own listening port, it hijacks existing network connections, which makes it harder to detect at both the host and network levels. Unit 42 attributes SockDetour to the Chinese APT group it tracks as TiltedTemple, which it previously linked to attacks exploiting several vulnerabilities in Zoho products.