
[VIP] New Cyber Threat: Squidoor Malware Targets High-Value Sectors!


#1
A newly discovered malware, Squidoor, is being used in cyber-espionage attacks targeting government, defense, telecom, education, and aviation sectors in Southeast Asia & South America.

This sophisticated malware, attributed to a Chinese threat actor (CL-STA-0049), uses Outlook API, DNS, and ICMP tunneling for stealthy Command & Control (C2) communication. It infiltrates systems by exploiting IIS vulnerabilities and deploying web shells for persistent access. Squidoor evades detection through LOLBAS techniques, code injection, and scheduled tasks, enabling data exfiltration, lateral movement, and system reconnaissance.

The malware’s ability to blend into legitimate traffic and operate across Windows & Linux makes it a major concern for cybersecurity professionals. Organizations are advised to enhance monitoring & implement advanced threat detection tools.