Track Common Adversary Tasks Performed Using BISCUIT

To know more about it, you can go through my detailed document by clicking here

Overview

BISCUIT is a backdoor used since 2007 by the Chinese threat group known as APT1, which is known for wide-scale, high-volume attacks on English-speaking countries, particularly those where English is the native language. Like other attack groups, APT1 uses spear-phishing emails to deliver the malware.


Attack Methods

The group generally uses the following attack methods or tools:
  1. Spearphishing
  2. Malicious attachments
  3. Vulnerable web servers
  4. Custom backdoors
  5. Mimikatz
  6. SQL injections
  7. RDP, SSH, data compression before exfiltration, etc.

Remedy

The following measures may help in preventing and mitigating this malware:
  • Regular application updates are necessary to protect against known vulnerabilities;

  • User input validation should be employed so that local and remote file inclusion vulnerabilities are prevented;

  • A web application firewall, regular antivirus signature updates and scans, application fuzzing, code reviews, server network analysis, etc. can be of much help;

  • Regular system and application vulnerability scans can also highlight any possible areas of concern.
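The input-validation point above is easiest to see next to the code it fixes. The following is an added example, not code from the original post or from any BISCUIT/APT1 analysis: a hypothetical web handler that serves a template chosen by a user-supplied page name from a fixed directory (the directory path, the allowlist and the parameter name are all assumptions). The "before" function joins the input straight into a path, which is the local/remote file inclusion pattern; the hardened version rejects URLs, checks an allowlist of known pages, and then confirms that the canonicalised path is still inside the template root.

```python
"""Input validation that blocks local and remote file inclusion (LFI/RFI).

Added example, not from the original post. Assumes a hypothetical web
handler that serves "<page>.html" from a fixed template directory.
"""
from pathlib import Path
from urllib.parse import urlsplit

# Hypothetical: the only directory the application may serve files from.
TEMPLATE_ROOT = Path("/var/www/app/templates").resolve()

# Hypothetical allowlist: the only page names the application knows about.
ALLOWED_PAGES = {"home", "about", "contact"}


def include_vulnerable(page: str) -> str:
    """'Before' form: builds the file path straight from user input.

    A value such as '../../../../etc/passwd' escapes the template directory
    (LFI), and an include() that accepts URLs would fetch 'http://...' (RFI).
    Returned as a string only so the flaw is visible; the result is never
    opened here.
    """
    return f"{TEMPLATE_ROOT}/{page}.html"


def vulnerable_escapes_root(page: str) -> bool:
    """True when the naive join resolves to a path outside TEMPLATE_ROOT."""
    resolved = Path(include_vulnerable(page)).resolve()
    return TEMPLATE_ROOT not in resolved.parents


def resolve_template(page: str) -> Path:
    """Hardened form: URL rejection + allowlist + canonical containment check.

    Raises ValueError for anything that is not a known page name or whose
    resolved path lies outside TEMPLATE_ROOT.
    """
    # 1. Reject anything carrying a URL scheme (remote file inclusion).
    if urlsplit(page).scheme:
        raise ValueError("remote locations are not allowed")
    # 2. Allowlist of known page names: the cheapest and strongest check.
    if page not in ALLOWED_PAGES:
        raise ValueError(f"unknown page: {page!r}")
    # 3. Defence in depth: canonicalise and confirm containment, so that a
    #    mistake in the allowlist still cannot escape the template root.
    candidate = (TEMPLATE_ROOT / f"{page}.html").resolve()
    if TEMPLATE_ROOT not in candidate.parents:
        raise ValueError("path escapes template root")
    return candidate


def is_safe_page(page: str) -> bool:
    """Convenience wrapper: True if resolve_template() accepts the input."""
    try:
        resolve_template(page)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate page, one traversal, one URL.
    for sample in ("home", "../../../../etc/passwd", "http://example.invalid/x"):
        print(f"{sample!r}: naive escapes root={vulnerable_escapes_root(sample)}, "
              f"hardened accepts={is_safe_page(sample)}")
```

The allowlist does most of the work; the containment check is kept because allowlists drift over time and a path-based guard catches a future entry that someone adds with a slash in it.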
