BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
Essential information
- Published
- 02/08/2024 09:57
- Modified
- 02/08/2024 10:01
- Tags
- 2024-08-02 backdoor bitsloth espionage exfiltration lateral movement persistence
- Related entities
- 8 observables, 10 techniques (mitre), 1 malware, 1 others
Description
Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for data theft, remote execution, and persistence. Notably, BITSLOTH contains 35 distinct command handlers for tasks like keylogging, screen capture, discovery, enumeration, and command execution. Analysis suggests the malware has been under development since 2021 by actors potentially associated with Chinese-speaking individuals or groups.