CyberNews Briefs

Chinese Hackers Use New Microsoft SQL Server Backdoor Malware

Chinese state-backed hackers have been using a malware tool that lets them access Microsoft SQL Server (MSSQL) systems with a special password and then maintain a presence on those systems without being detected.

The threat actor, known as APT 41, Winnti Group, Blackfly/Suckfly, Wicked Panda and BARIUM, has been active since at least 2011. The new malware, dubbed skip-2.0, uses the PortReuse and ShadowPad backdoors that have previously been connected to this cyber espionage group. Skip-2.0 appears to be effective only against MSSQL Server 11 and 12 systems.


OODA Analyst
