2025-01-30 19:08:30 Pacfic
EAGERBEE Backdoor Targets Middle East - 23d
A sophisticated cyberespionage campaign employing the EAGERBEE backdoor is targeting Internet Service Providers (ISPs) and government entities in the Middle East. This malware uses a novel service injector to embed itself into running services, and previously undocumented plugins to perform malicious activities like file manipulation, remote access, and process exploration. The attackers leverage a DLL hijacking vulnerability for initial access, deploying a backdoor injector and payload using the SessionEnv service. Once active, EAGERBEE gathers system information and communicates with a command-and-control server via encrypted protocols.
The EAGERBEE backdoor employs a plugin orchestrator that injects itself into memory, collecting system data and receiving commands to manage various plugins. These plugins include a File Manager, which can enumerate, manipulate, and execute files; a Process Manager, which controls system processes; a Remote Access Manager for data exfiltration and remote control; and a Service Manager for controlling system services. Analysis also suggests potential links between EAGERBEE and the CoughingDown threat group, but attribution remains uncertain. This campaign shows an evolution in malware frameworks used in sophisticated and targeted cyber attacks.
ImgSrc: securityonline.info
References:
- Malware Analysis, News and Indicators - Latest topics - EAGERBEE, with updated and novel components, targets the Middle East - 23d
- ciso2ciso.com - EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets – Source: www.darkreading.com - 23d
- @screaminggoat - Kaspersky : Kaspersky reports that an in-memory backdoor called EAGERBEE is being deployed at ISPs and governmental entities in the Middle East. - 23d
- Security Affairs - Eagerbee backdoor targets govt entities and ISPs in the Middle East - 23d
- Malware Archives ? Cybersecurity News - EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities - 23d
- @jos1264 - EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets – Source: www.darkreading.com - 23d
- ciso2ciso.com - EAGERBEE, with updated and novel components, targets the Middle East – Source: securelist.com - 23d
- CISO2CISO.COM & CYBER SECURITY GROUP - EAGERBEE, with updated and novel components, targets the Middle East – Source: securelist.com - 23d
- securityonline.info - EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities - 23d
- The Hacker News - New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities - 23d
- gbhackers.com - EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells - 23d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - EAGERBEE Malware Updated It’s Arsenal With Payloads & Command Shells - 23d
- CISO2CISO.COM & CYBER SECURITY GROUP - EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets – Source: www.darkreading.com - 22d
- securelist.com - EAGERBEE, with updated and novel components, targets the Middle East - 22d
- ciso2ciso.com - EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East - 21d
Classification:
- HashTags: EagerBee Backdoor MiddleEast
- Target: Middle Eastern ISPs and Governments
- Product: EAGERBEE Backdoor
- Feature: Service Injection
- Type: Malware
- Severity: Major