US Media, Retailers Targeted by New SparklingGoblin APT
Cybersecurity researchers at ESET have identified a new threat actor using an undocumented backdoor to infiltrate organizations in the education, retail, and government sectors. The advanced persistent threat (APT) group is an emerging international cybercriminal gang that is broadening its targets to include universities, media firms, and one computer retailer in the US. Researchers have named the APT SparklingGoblin. ESET researchers state that the APT is an offshoot of another previously uncovered threat, Winnti Group, which was first discovered in 2013 by Kaspersky. According to ESET, SparklingGoblin leverages a novel backdoor called SideWalk to penetrate cybersecurity defenses. The SideWalk backdoor is reportedly similar to one used by Winnti called Crosswalk. Both are modular backdoors that can run shellcode sent by the command-and-control server.