The Chinese hacking group Winnti is using a new PHP backdoor called 'Glutton' in attacks on organizations in China and the United States. The same malware is also being turned against other cybercriminals, a notable shift in Winnti's targeting.

Glutton is a modular backdoor that injects its code into popular PHP frameworks and systems. Once installed, it lets attackers exfiltrate data, drop additional backdoors, and inject further malicious code, all while leaving no file traces, which makes it harder to detect. Winnti's activity with the backdoor has been ongoing for more than a year, with evidence of deployments dating back to December 2023.

Researchers believe Winnti is targeting not only conventional organizations, such as IT services, social security agencies, and web development firms, but also the cybercrime market itself. Glutton has been found embedded in software packages distributed on online criminal forums, letting its operators compromise the systems of other malicious actors and steal their sensitive information.

Despite its sophistication, Glutton shows weaknesses that are atypical for Winnti, such as unencrypted (plaintext) samples and simplistic communication protocols, suggesting it may still be in early development.
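A practical check follows from the description above: even if a PHP backdoor stages its payload in memory and leaves no separate file on disk, the loader it injects into a framework still changes that framework's files. A baseline-and-diff integrity check over the web root, combined with a scan of changed files for code-staging constructs (eval, base64_decode, variable function calls, remote includes), is therefore a reasonable first triage step. The script below is an added example written for this article, not code from the original page or from any vendor report on Glutton; the directory layout, file contents and "injected loader" in demo() are constructed for illustration and do not reproduce Glutton's actual code.

```python
"""Baseline-and-diff integrity check for a PHP web root, plus a scan of changed
files for constructs commonly used to stage code from memory or obfuscated
strings. The scenario in demo() is constructed for this example."""
import hashlib
import re
import tempfile
from pathlib import Path

# Triage signals only: legitimate code uses some of these too, so a hit means
# "look at this file", not "this file is a backdoor".
SUSPICIOUS_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "assert": re.compile(r"\bassert\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "gzinflate/gzuncompress": re.compile(r"\bgz(?:inflate|uncompress)\s*\("),
    "create_function": re.compile(r"\bcreate_function\s*\("),
    "variable function call": re.compile(r"\$\w+\s*\(\s*\$"),
    "remote include": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]https?://"
    ),
}


def scan_source(source: str) -> list:
    """Return the names of suspicious constructs found in PHP source text."""
    return [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(source)]


def build_manifest(root: Path) -> dict:
    """Map every .php file under root (POSIX relative path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*.php")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff_manifest(baseline: dict, current: dict):
    """Return (added, removed, modified) relative paths between two manifests."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in baseline.keys() & current.keys() if baseline[p] != current[p]
    )
    return added, removed, modified


def audit(root: Path, baseline: dict) -> dict:
    """Compare root against a trusted baseline and scan each new or changed file."""
    current = build_manifest(root)
    added, removed, modified = diff_manifest(baseline, current)
    findings = {}
    for rel in added + modified:
        hits = scan_source((root / rel).read_text(errors="replace"))
        if hits:
            findings[rel] = hits
    return {"added": added, "removed": removed, "modified": modified,
            "findings": findings}


def demo() -> dict:
    """Constructed scenario: clean tree, baseline snapshot, then a tampered tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "vendor").mkdir()
        (root / "index.php").write_text("<?php\nrequire 'vendor/autoload.php';\n")
        (root / "vendor" / "autoload.php").write_text(
            "<?php\nreturn require __DIR__ . '/composer.php';\n"
        )
        baseline = build_manifest(root)  # taken while the tree is trusted

        # Simulated tampering (constructed, not Glutton's real code): a loader
        # appended to a framework file that eval()s request data, so the payload
        # itself never has to exist as a file on disk.
        with (root / "vendor" / "autoload.php").open("a") as fh:
            fh.write("@eval(base64_decode($_POST['k']));\n")
        (root / "vendor" / "helper.php").write_text(
            "<?php\n$f = 'system'; $f($_GET['c']);\n"
        )
        return audit(root, baseline)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In a real deployment the baseline manifest should be generated from a clean install (for example straight from the package manager) and stored off-host, since a backdoor with write access to the web root can just as easily overwrite a manifest kept beside it.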