Walmart’s Cyber Intelligence Team has identified a new PowerShell backdoor that is being used to distribute additional malware, including a new variant of the Zloader/SilentNight Trojan [1] [2].

Description

The backdoor discovered by Walmart’s Cyber Intelligence Team allows threat actors to gain further access to a compromised host and employs advanced obfuscation techniques. The malware combination was not targeting Walmart specifically; the team found it during proactive threat investigations. The threat actor involved has connections to Zloader/SilentNight, which CISA has linked to Black Basta, suggesting potential breach-and-ransom activity [1] [2]. Zloader, originally a banking Trojan, has evolved over time and has been associated with various Russian ransomware-as-a-service groups, such as Ryuk, DarkSide, and Black Basta [1] [2].

Conclusion

The discovery of this new PowerShell backdoor and associated malware poses a significant threat to cybersecurity. It is crucial for organizations to remain vigilant and implement robust security measures to protect against such threats. The evolving nature of malware, as seen with Zloader, highlights the importance of continuous monitoring and adaptation of cybersecurity strategies to mitigate risks effectively.

References

[1] https://thecyberwire.com/newsletters/daily-briefing/13/143
[2] https://www.infosecurity-magazine.com/news/walmart-powershell-backdoor-zloader/