Researchers found the Witchetty hacker group using the old Microsoft Windows logo to spy on governments and organizations. Data software company Symantec Enterprise published a blog on September 29 highlighting the use of the company’s old logo to hide backdoor trojan.
According to the research, Witchetty used the steganography technique, which helps hide confidential information in an ordinary file or message to prevent it from being detected.
What the cyber espionage entails
Witchetty group used the old Windows logo to launch the ongoing cyber espionage against Middle Eastern countries and the stock exchange of an African nation. They used a backdoor trojan ‘Backdoor.Stegmap’ to steal login credentials, install malware on targeted computers and move laterally across networks which enabled infecting other hosts and applications in the organization.
How Witchetty used the Windows logo
Using Steganography, the Witchetty group extracted the malicious payload onto the target’s device. Since the payload was disguised, the group hosted the image on a free and trusted service like GitHub. This reduced suspicion. The hacker collective encrypted the payload with an XOR key which allowed encryption and is considered difficult to crack using the brute force method.
As per the report, the payload can create and remove a directory, copy, move, and delete files, start new processes, download and run executables, kill a process, etc.
Information on the Witchetty group
The hacker group has been carrying out cyber espionage since February 2022, the latest being in September. In April 2022, Witchetty targeted governments, diplomatic missions, manufacturing organizations, and charitable organizations. The group announced that they were a part of three sub-groups of TA410. The other groups were FlowingFrog and JollyFrog, which have targeted the United States utility sector.
The group is known to refine its toolset to successfully attack its target. They gain access to public-facing servers by exploiting their vulnerabilities to find a route to reach organizations eventually.
