Chinese APT May be Behind the Newly Discovered Moriya Rootkit

Trickbot Streals Passwords From Browsers

The Moriya Rootkit is a newly identified threat that, however, might have been working for a long time before it was finally discovered. Rootkits like this one are designed to plant themselves deep into the operating system's components, grant themselves persistence, and then try to provide the attacker with control over the compromised device. Rootkits are typically very difficult to detect and remove - this task should always be completed with the use of a sophisticated antivirus tool.

The Moriya Rootkit, in particular, is believed to have been active since 2018. It is designed to spy on the compromised system's network traffic, as well as to execute remote commands usmibbted by the attacker. It possesses features typical for a backdoor Trojan.

It is important to note that this is a very complicated malware family, which is used against carefuly selected targets. So far, copies of the Moriya Rootkit have been discovered on networks belonging to multiple Asian and African diplomatic organizations and individuals. Moriya Rootkit's infection was usually followed by the deployment of other malware families such as China Chopper. The common thing between the secondary payloads is that they were all previously used by Chinese cybercriminals, so there is a high chance that the Moriya Rootkit might be the product of a highly-skilled Chinese threat actor.

Cybersecurity experts are still gathering information about the Moriya Rootkit and its activities. There is no indicator about the infection vector that the criminals may have used to deliver and plant the malicious Moriya Rootkit. What we know for sure is that modern firewall and antivirus software can prevent such attacks from taking place at all.

May 7, 2021