ESET researchers publish an analysis of Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks.
- We discovered a malicious downloader being delivered onto victims’ machines through the update mechanisms of legitimate Chinese software.
- The downloader seeks to deploy a modular backdoor that we have named WizardNet.
- We analyzed Spellbinder, the tool the attackers use to conduct local adversary-in-the-middle attacks and redirect traffic to an attacker-controlled server that delivers the group’s signature backdoor, WizardNet.
- We provide details about links between TheWizards and the Chinese company Dianke Network Security Technology, also known as UPSEC.