Quote:The novel backdoor technique called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that’s been around for quite a while: namely, China-linked Grayfly espionage group.
ESET researchers, who named and discovered the new “SparklingGoblin” advanced persistent threat (APT) actor behind SideWalk, reported at the time that the group is an offshoot of another APT – Winnti Group – first identified in 2013 by Kaspersky.
ESET also said that the SideWalk backdoor is similar to one used by Winnti (aka APT41, Barium, Wicked Panda or Wicked Spider, an APT known for nation state-backed cyberespionage and financial cybercrime) called CrossWalk (Backdoor.Motnug). Both CrossWalk and SideWalk are modular backdoors used to exfiltrate system information and can run shellcode sent by the command-and-control (C2) server.
According to a report published by Symantec on Thursday, the SideWalk malware has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US and Mexico. Symantec’s Threat Hunter Team has observed recent campaigns that have involved exploits targeting Exchange and MySQL servers.
Besides attacking organizations in the IT, media and finance sectors, the group also has zeroed in on the telecoms sector, according to the report.
Read more: SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
