TiltedTemple APT Deploys the SockDetour Malware
Advanced Persistent Threat (APT) actors are always lurking in the shadows, planning their next devious campaign built around never-before-seen malware. Of course, their attacks are not always flawless, and sometimes we get a sneak peek into the tools that these high-profile threat groups use. Recently, antivirus vendors have reported a brand-new Trojan backdoor that appears to be the product of a highly sophisticated APT actor tracked under the alias TiltedTemple. The threat, dubbed SockDetour, is a dangerous backdoor Trojan that can provide its operators with persistent access to infected networks and systems.
As you can probably guess, high-level hackers rarely go after ordinary users. Instead, their targets are far more specific. In this case, the SockDetour Malware has been used against networks belonging to multiple US defense contractors. This might mean that the attack is politically motivated, but this has yet to be fully confirmed.
SockDetour Malware May Have Been Active for Over 2 Years
Allegedly, some of the malware samples recovered from infected systems date back to 2019. This might mean that the SockDetour Malware has been active for a long time and has managed to stay under the radar thanks to its stealth and evasion capabilities. The SockDetour Trojan is able to inject its code into legitimate processes, effectively operating in fileless mode.
So far, the malware has been targeting Windows machines exclusively. Once planted, it can be operated through remote commands sent by the criminals behind the attack. Using this backdoor Trojan, the TiltedTemple hackers may have modified system settings, exfiltrated information, and much more. The initial attack vector is not yet clear.