{"id":149105,"date":"2022-10-29T18:24:16","date_gmt":"2022-10-29T23:24:16","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/10\/researchers-uncover-stealthy-techniques-used-by-cranefly-espionage-hackers"},"modified":"2022-10-29T18:24:16","modified_gmt":"2022-10-29T23:24:16","slug":"researchers-uncover-stealthy-techniques-used-by-cranefly-espionage-hackers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/10\/researchers-uncover-stealthy-techniques-used-by-cranefly-espionage-hackers","title":{"rendered":"Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/researchers-uncover-stealthy-techniques-used-by-cranefly-espionage-hackers.jpg\"><\/a><\/p>\n<p>A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called <b>Danfuan<\/b>.<\/p>\n<p>This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/cranefly-new-tools-technique-geppei-danfuan\" rel=\"noopener\" target=\"_blank\">said<\/a> in a report shared with The Hacker News.<\/p>\n<p>The dropper \u201cis being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (<a href=\"https:\/\/thehackernews.com\/2021\/08\/several-malware-families-targeting-iis.html\" rel='noopener' target=\"_blank\">IIS<\/a>) logs,\u201d the researchers said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper \u201cis being used to install [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,418],"tags":[],"class_list":["post-149105","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/149105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=149105"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/149105\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=149105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=149105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=149105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}