Palo Alto Networks: Custom Backdoor ‘SockDetour’ Targets Defense Companies

Palo Alto Networks has found that threat actors have been using a custom backdoor called SockDetour to target U.S. defense contractors.

The company said Thursday SockDetour functions as a backup backdoor in the event that the first backdoor is removed and is hard to detect because it “operates filelessly and socketlessly on compromised Windows servers.”

Four defense vendors were targeted by the malware and at least one entity has been compromised, according to evidence collected by Palo Alto Networks’ Unit 42.

According to Unit 42, the SockDetour-related attacks were part of the TiltedTemple advanced persistent threat campaign that compromised and carried out reconnaissance operations against organizations across defense, finance, technology, education, energy and health care industries, including infrastructure linked to five U.S. states.

The company said SockDetour is believed to have been active since July 2019 and to have evaded detection, given that the unit did not find any additional samples of the custom backdoor on public repositories.

“We found SockDetour hosted on infrastructure associated with TiltedTemple, though we have not yet determined whether this is the work of a single threat actor or several,” the report reads.

Written by Jane Edwards, a staff writer at Executive Mosaic, where she writes for ExecutiveBiz about IT modernization, cybersecurity, space procurement and industry leaders’ perspectives on government technology trends.
