A new hacking group, dubbed Witchetty, has been observed using a new steganographic technique to hide a backdoor within a fraudulent Windows logo. The group is reportedly targeting Middle Eastern governments. Broadcom released an advisory addressing the campaign in which it claimed that the group had connections to a state-backed Chinese threat actor known as APT10. In addition, the group may be connected to TA410 operatives, a group that has been linked to attacks against the US energy sector in the past.
The group was first identified by security researchers at ESET last April and is characterized by its use of a first-stage backdoor known as X4 and a second-stage payload called LookBack. The group has continued to use the latter payload in its attacks; however, other malware strains have been added to its arsenal. According to Broadcom, the group continuously refines and refreshes its toolset to compromise its targets.
Read More: Hackers Hide Malware in Windows Logo, Target Middle East Governments