216.73.216.197

Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations

· Published 27/02/2025 13:18 · Modified 27/02/2025 13:48

Export JSON

Essential information

Published
27/02/2025 13:18
Modified
27/02/2025 13:48
Tags
2025-02-27 apt backdoor espionage squidoor
Related entities
30 observables, 1 intrusion sets (apt), 7 techniques (mitre), 4 others

Description

Since at least March 2023, a suspected Chinese threat actor has been targeting government, defense, telecommunications, education, and aviation sectors in Southeast Asia and South America. The attackers employ a sophisticated known as , which affects both Windows and Linux systems. is modular and designed for stealth, utilizing multiple communication protocols—including Outlook API, DNS tunneling, and ICMP tunneling—to establish covert channels with command and control servers. Initial access is typically achieved by exploiting vulnerabilities in Internet Information Services (IIS) servers, followed by the deployment of obfuscated web shells for persistent access.

External references