UDPGangster Campaigns

UDPGangster is a UDP-based backdoor associated with the MuddyWater threat group, which is known for its cyber espionage operations across the Middle East and neighboring regions. This malware enables remote control of compromised systems by allowing attackers to execute commands, exfiltrate files, and deploy additional payloads, all communicated through UDP channels designed to evade traditional network defenses.

Researchers recently observed multiple UDPGangster campaigns targeting users in Turkey, Israel, and Azerbaijan. These campaigns primarily deliver their malware through malicious Microsoft Word documents embedded with VBA macros, which execute the payload once the macros are enabled. The samples collected include sophisticated anti-analysis techniques to detect and evade virtual environments and sandboxes, helping attackers avoid early detection.[1]

Link to full report:  IR-25-344-002_Gangsta.pdf

[1] https://www.fortinet.com/blog/threat-research/udpgangster-campaigns-target-multiple-countries/
