APT attack on a telecommunications company in Kazakhstan
released on 2022-04-26 @ 11:47:45 AM
In October 2021, one of Kazakhstan’s telecommunication companies contacted Doctor Web
with a suspicion of malware in the corporate network. During the first look, they found backdoors
that had previously been used only in targeted attacks. During the investigation, they also found
that the company’s internal servers had been compromised since 2019. For several years,
Backdoor.PlugX.93 and BackDoor.Whitebird.30, the Fast Reverse Proxy (FRP) utilities, and
RemCom have been the attackers' main tools.