Zardoor Backdoor Unmasked: The Hidden Cyber Campaign Against Islamic Non-Profits
A new actor has emerged from the shadows, wielding malware so stealthy and sophisticated that it remained undetected for years. This backdoor, known as “Zardoor,” serves as a stark reminder of the relentless pursuit of espionage by unknown entities in cyber warfare. Discovered by the security researchers at Cisco Talos, the Zardoor campaign targets organizations with precision, leveraging advanced techniques to maintain a ghostly presence within compromised networks.
At its core, the Zardoor backdoor is not merely a piece of malware but a sophisticated espionage framework, designed for long-term infiltration. Its deployment within an Islamic non-profit organization hints at the strategic interests driving the attackers, yet the attackers' identity remains cloaked in mystery. The use of custom backdoors, modified reverse proxy tools, and living-off-the-land binaries (LoLBins) to evade detection underscores the high level of expertise of the threat actors.
The initial compromise remains shrouded in secrecy, but once inside, the attackers deploy Zardoor to establish command and control, utilizing open-source reverse proxy tools in a manner that is both innovative and deceptive. By customizing these tools, the attackers ensure they blend seamlessly into the network environment, making detection a formidable challenge.
Zardoor’s technical prowess is further demonstrated through its execution flow, involving a meticulously crafted dropper that manipulates system processes to inject malicious payloads without raising alarms. The orchestration of these payloads, through a series of complex steps, illustrates the attackers’ deep understanding of Windows operating systems and their commitment to stealth.
The backdoor itself is a marvel of malicious engineering, capable of executing encrypted commands, manipulating session IDs, and even updating its command and control servers on the fly. This level of control, coupled with the ability to execute payloads directly in memory, highlights Zardoor’s role as a potent tool for espionage.