New Slithering Serpent backdoor targets French organisations

March 25, 2022
Slithering Serpent Backdoor Malware France Phishing

A new backdoor called Slithering Serpent targets French entities using a highly sophisticated attack chain.

Based on studies, the newly discovered threat actor uses a unique combination of a detection bypass technique, steganography, and open-source software to initiate an attack against French government sectors, construction organisations, and real estate firms.

The threat actors also exploit a well-known Windows package manager called Chocolatey, deploying the Serpent backdoor.

The Serpent’s phishing email spoofs Europe’s General Data Protection Statement (GDPR), consisting of a macro-laden MS Word document. If the target opens the infected Word document, a malicious code will gather an image of Swiper the fox from a kid’s educational series called Dora the Explorer.

The image gathered by the malicious code will serve as steganography to obfuscate a PowerShell script operated by the macros. The steganographic image will hide the malicious code to avoid detection by security solutions. Furthermore, an additional steganographic image will be downloaded by the malicious file to launch the Python-based Serpent payload.

The researchers have not yet concluded what the hackers want to achieve. Still, a successful infection enables the threat group to operate and execute several hostile actions against their targeted networks.

 

An analysis revealed that the Slithering Serpent backdoor communicates with the threat actor’s command-and-control (C2) server to receive signals and instructions that the malware will run on a target’s device.

 

The backdoor can also operate any command that will allow the threat actors to download additional malware, open reverse shells, and acquire full access to the infected device. Several experts believe that the threat actors will want an espionage campaign against these French entities since their TTPs disrupt the government’s chain of commands.

Many cybersecurity experts recommend that firms inside this targeted region employ top-of-the-line security providers to mitigate the chances of infection from this new threat.

About the author

Leave a Reply