Researchers discover APT31's advanced backdoors and data exfiltration tactics

The Chinese threat actor known as APT31 has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox, Kaspersky says. The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems, Kaspersky said in an analysis spotlighting APT31's previously undocumented tradecraft. The intrusions employ a three-stage malware stack, each stage focused on a different aspect of the attack chain: setting up persistence, gathering sensitive data, and transmitting the information to a remote server under the attackers' control. A third similar implant is configured to send the data via the Yandex email service. Abusing popular cloud-based data storages may allow the threat actor(s) to evade security measures, the company said.
