Chinese state-backed hackers have been using a malware tool that lets them log in to Microsoft SQL Server (MSSQL) instances with a hard-coded "magic" password, valid for any account, and then keep a foothold on those systems without the logins showing up in the server's own audit logs.
The threat actor, known as APT41, Winnti Group, Blackfly/Suckfly, Wicked Panda and BARIUM, has been active since at least 2011. The new malware, dubbed skip-2.0, shares code (its launcher and loader components) with the PortReuse and ShadowPad backdoors that have previously been attributed to this cyber espionage group. skip-2.0 appears to work only against MSSQL Server major versions 11 and 12, that is, SQL Server 2012 and 2014. It hooks the server's password-validation and login-audit routines in memory, so sessions opened with the magic password are accepted and left unrecorded. Installing it requires administrative privileges on the host, which makes it a post-compromise persistence tool rather than an initial-access exploit.
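Because skip-2.0 suppresses SQL Server's own login logging, the practical check is to compare an out-of-band record of connections to the SQL port (firewall, NetFlow or Sysmon network events) against the SQL Server error log: a client that reached port 1433 but never produced a logon entry deserves a look. The script below is an added example written for this article, not code from the original report or from ESET; the log lines are constructed, their layouts are approximations of the real formats, and the 5-second matching window is an assumption. It also classifies a ProductVersion string by major version, since only 11.x and 12.x instances were reported as affected.

```python
"""Offline triage helpers for the skip-2.0 scenario (example code, not the page's).

1. is_targeted_version(): flag SQL Server major versions 11 and 12
   (SQL Server 2012 / 2014), the only versions reported as affected.
2. find_unlogged_sessions(): correlate network connections to the SQL port
   with the server's logon audit entries; a connection with no matching
   logon entry is the gap a hooked audit routine would leave behind.
"""
import re
from datetime import datetime, timedelta

# Constructed network-connection records (Sysmon event 3 style, simplified).
NETWORK_LOG = """\
2019-10-21 09:00:02 tcp 10.0.0.15:52100 -> 10.0.0.5:1433
2019-10-21 09:03:41 tcp 10.0.0.22:49522 -> 10.0.0.5:1433
2019-10-21 09:10:17 tcp 10.0.0.77:60233 -> 10.0.0.5:1433
2019-10-21 09:12:55 tcp 10.0.0.15:52188 -> 10.0.0.5:1433
"""

# Constructed SQL Server ERRORLOG logon-audit entries. Successful logins are
# only written when login auditing is set to "both failed and successful";
# the default records failures only.
SQL_ERRORLOG = """\
2019-10-21 09:00:03.12 Logon       Login succeeded for user 'app_svc'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.15]
2019-10-21 09:03:42.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.22]
2019-10-21 09:12:56.01 Logon       Login succeeded for user 'app_svc'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.15]
"""

NET_RE = re.compile(r"^(\S+ \S+) tcp (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:(\d+)$")
LOGON_RE = re.compile(
    r"^(\S+ \S+)\s+Logon\s+Login (succeeded|failed) for user '([^']*)'.*\[CLIENT: ([\d.]+)\]$"
)


def is_targeted_version(product_version: str) -> bool:
    """True when SERVERPROPERTY('ProductVersion') has major version 11 or 12."""
    major = int(product_version.split(".")[0])
    return major in (11, 12)


def parse_connections(text: str, sql_port: int = 1433):
    """Return (timestamp, client_ip) for every connection to the SQL port."""
    conns = []
    for line in text.splitlines():
        m = NET_RE.match(line)
        if m and int(m.group(3)) == sql_port:
            conns.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)))
    return conns


def parse_logons(text: str):
    """Return (timestamp, client_ip, outcome, user) for each logon-audit line."""
    logons = []
    for line in text.splitlines():
        m = LOGON_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1)[:19], "%Y-%m-%d %H:%M:%S")
            logons.append((ts, m.group(4), m.group(2), m.group(3)))
    return logons


def find_unlogged_sessions(network_text: str, errorlog_text: str, window_seconds: int = 5):
    """Connections to the SQL port with no logon entry from the same client
    inside the window. Failed logins count as logged: the point is whether
    the audit path fired at all, not whether the login succeeded."""
    logons = parse_logons(errorlog_text)
    window = timedelta(seconds=window_seconds)
    unmatched = []
    for ts, client in parse_connections(network_text):
        seen = any(client == lc and ts <= lts <= ts + window for lts, lc, _, _ in logons)
        if not seen:
            unmatched.append((ts.strftime("%Y-%m-%d %H:%M:%S"), client))
    return unmatched


if __name__ == "__main__":
    for version in ("11.0.7001.0", "12.0.6024.0", "13.0.5026.0"):
        print(version, "targeted" if is_targeted_version(version) else "not targeted")
    for when, client in find_unlogged_sessions(NETWORK_LOG, SQL_ERRORLOG):
        print(f"{when} connection from {client} to port 1433 has no logon-audit entry")
```

In the constructed data the connection from 10.0.0.77 at 09:10:17 is the only one without a matching audit line and is the one reported. On a real host the comparison only works if the network telemetry is collected somewhere the attacker's in-process hooks cannot reach, and if successful-login auditing was already enabled before the compromise; otherwise every legitimate success is also absent and the check tells you nothing.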
Read more: Chinese Hackers Use new Microsoft SQL Server Backdoor Malware