New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
Jun 10, 2023
Cyber Attack / Malware
Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER.

"SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities," Elastic Security Labs said in a Friday report.

The attacks have been attributed to an actor it tracks as REF2754, which overlaps with a Vietnamese threat group known as APT32, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. Meta, in December 2020, linked the activities of the hacking crew to a cybersecurity company named CyberOne Group.

In the latest infection flow unearthed by Elastic, the SysInternals ProcDump utility is leveraged to load an unsigned DLL file that contains DONUTLOADER, which, in turn, is configured to load SPECTRALVIPER and other malware such as P8LOADER or POWERSEAL.

SPECTRALVIPER is desi
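The infection flow above hinges on a legitimate, signed SysInternals binary (ProcDump) loading an unsigned DLL. A defender can surface that pairing from image-load telemetry without knowing the DLL's name or hash in advance. The following is an added example, not Elastic's detection logic and not part of the original report; the event fields, the process and DLL paths, and the sample events are all constructed for illustration.

```python
"""Detection sketch: flag image-load events where the SysInternals ProcDump
utility loads an unsigned DLL from outside the Windows system directories.
Added example; event schema and sample events below are constructed, not
taken from any real sensor or from the Elastic report."""
from dataclasses import dataclass

# Directories where unsigned loads are treated as noise rather than signal
# (heuristic; tighten or extend for your environment).
SYSTEM_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

# Binary names under which ProcDump ships (assumption: only these two).
PROCDUMP_NAMES = ("procdump.exe", "procdump64.exe")


@dataclass
class ImageLoadEvent:
    process_image: str  # full path of the process doing the loading
    loaded_image: str   # full path of the DLL that was mapped
    signed: bool        # Authenticode result as recorded by the sensor


def is_procdump(path: str) -> bool:
    """True if the loading process's file name is a known ProcDump binary."""
    return path.lower().rsplit("\\", 1)[-1] in PROCDUMP_NAMES


def is_system_path(path: str) -> bool:
    """True if the DLL lives under a Windows system directory."""
    return path.lower().startswith(SYSTEM_DIRS)


def flag_event(ev: ImageLoadEvent):
    """Return a reason string when the event matches, otherwise None."""
    if not is_procdump(ev.process_image):
        return None          # only interested in ProcDump as the loader
    if ev.signed:
        return None          # signed DLLs are expected (OS and SysInternals deps)
    if is_system_path(ev.loaded_image):
        return None          # noise reduction: unsigned loads from system dirs
    return f"ProcDump loaded unsigned DLL outside system dirs: {ev.loaded_image}"


def scan(events):
    """Run flag_event over a batch and return (event, reason) pairs that hit."""
    hits = []
    for ev in events:
        reason = flag_event(ev)
        if reason:
            hits.append((ev, reason))
    return hits


# Constructed sample telemetry: two benign loads, two that should be flagged.
SAMPLE_EVENTS = [
    ImageLoadEvent("C:\\Tools\\procdump.exe",
                   "C:\\Windows\\System32\\kernel32.dll", signed=True),
    ImageLoadEvent("C:\\Users\\Public\\Tools\\procdump64.exe",
                   "C:\\Users\\Public\\Tools\\sidecar.dll", signed=False),
    ImageLoadEvent("C:\\Windows\\System32\\notepad.exe",
                   "C:\\Temp\\plugin.dll", signed=False),
    ImageLoadEvent("C:\\Tools\\procdump.exe",
                   "C:\\ProgramData\\Update\\helper.dll", signed=False),
]

if __name__ == "__main__":
    for ev, reason in scan(SAMPLE_EVENTS):
        print(f"[ALERT] {ev.process_image}: {reason}")
```

Two of the four constructed events match: the unsigned `sidecar.dll` and `helper.dll` loads by ProcDump. The `notepad.exe` load of an unsigned DLL is deliberately ignored because the rule keys on the loader, and the signed `kernel32.dll` load is the normal case. In a real deployment the signature check should come from the sensor's own Authenticode validation rather than a flag in the event, and the system-directory allowlist is a noise filter, not a security boundary.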