New Buterat Backdoor Malware Found in Enterprise and Government Networks
Cybersecurity researchers at Point Wild’s Lat61 Threat Intelligence Team have released new findings on a highly sophisticated malware operation known as Buterat. The program is designed for long-term infection, enabling attackers to breach networks, steal sensitive information, and drop additional malicious tools.
According to researchers, the Buterat backdoor was initially spotted targeting government and enterprise networks. In their blog post, shared with Hackread ahead of publication, they noted that Buterat uses process and thread manipulation techniques built on the Windows APIs SetThreadContext and ResumeThread to hijack execution flow: a thread is suspended, its saved register state (including the instruction pointer) is rewritten to point at attacker-supplied code, and the thread is then resumed, so the payload runs inside an existing, legitimate-looking process rather than as a new one and avoids the alerts security tools typically raise.
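SetThreadContext and ResumeThread leave no entry of their own in the Windows event log, so a defender hunts for what the injector needs beforehand: a handle on the target process with rights to write memory and to create or suspend/resume a thread. The script below, an added example written for this article rather than code from Point Wild's report or Hackread, flags Sysmon Event ID 10 (ProcessAccess) records whose GrantedAccess mask carries that combination. The flattened key=value record format, the image paths and the allowlist are all constructed for the example and are assumptions, not observed Buterat indicators. One caveat: process hollowing of a child the malware itself spawns suspended does not require a separate OpenProcess call, so this event type should be correlated with process-creation telemetry (Sysmon Event ID 1) rather than relied on alone.

```python
"""Flag Sysmon Event ID 10 (ProcessAccess) records whose GrantedAccess mask
holds the rights needed to plant code in another process and redirect one
of its threads (the prerequisites of SetThreadContext + ResumeThread hijacks).

Added example; the log records and allowlist below are constructed.
"""

# Process access rights from winnt.h (PROCESS_* constants).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800

RIGHT_NAMES = [
    ("CREATE_THREAD", PROCESS_CREATE_THREAD),
    ("VM_OPERATION", PROCESS_VM_OPERATION),
    ("VM_READ", PROCESS_VM_READ),
    ("VM_WRITE", PROCESS_VM_WRITE),
    ("SUSPEND_RESUME", PROCESS_SUSPEND_RESUME),
]

# Writing a payload into the target needs VM_OPERATION (allocate / change page
# protection) and VM_WRITE; redirecting execution needs either a new thread
# (CREATE_THREAD) or the right to suspend an existing one, rewrite its context
# and resume it (SUSPEND_RESUME).
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
EXEC_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_SUSPEND_RESUME

# Placeholder allowlist of tools that legitimately open other processes with
# these rights (assumption for the example; tune to the environment).
ALLOWED_SOURCES = {
    r"C:\Windows\System32\csrss.exe",
    r"C:\Program Files\ExampleEDR\sensor.exe",
}

# Constructed Sysmon Event 10 records, flattened to key=value pairs joined by "|".
SAMPLE_EVENTS = [
    r"SourceProcessId=4120|SourceImage=C:\Users\victim\AppData\Local\Temp\update.exe"
    r"|TargetProcessId=1888|TargetImage=C:\Windows\explorer.exe|GrantedAccess=0x1F0FFF",
    r"SourceProcessId=612|SourceImage=C:\Windows\System32\csrss.exe"
    r"|TargetProcessId=1888|TargetImage=C:\Windows\explorer.exe|GrantedAccess=0x1FFFFF",
    r"SourceProcessId=3004|SourceImage=C:\Program Files\ExampleTool\tool.exe"
    r"|TargetProcessId=1888|TargetImage=C:\Windows\explorer.exe|GrantedAccess=0x1000",
    r"SourceProcessId=5532|SourceImage=C:\Users\victim\AppData\Roaming\svc.exe"
    r"|TargetProcessId=920|TargetImage=C:\Windows\System32\svchost.exe|GrantedAccess=0x0838",
]


def parse_event(line):
    """Parse one flattened record into a dict; GrantedAccess becomes an int."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    fields["GrantedAccess"] = int(fields["GrantedAccess"], 16)
    return fields


def decode_rights(mask):
    """Return the names of the injection-relevant rights set in the mask."""
    return [name for name, bit in RIGHT_NAMES if mask & bit]


def is_injection_candidate(event):
    """True when a foreign, non-allowlisted process holds write + execute rights."""
    if event["SourceProcessId"] == event["TargetProcessId"]:
        return False  # a process opening itself is not cross-process injection
    if event["SourceImage"] in ALLOWED_SOURCES:
        return False
    mask = event["GrantedAccess"]
    return (mask & WRITE_RIGHTS) == WRITE_RIGHTS and bool(mask & EXEC_RIGHTS)


def hunt(lines):
    """Return (source, target, rights) for each record that looks like injection setup."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_injection_candidate(event):
            hits.append((event["SourceImage"], event["TargetImage"],
                         decode_rights(event["GrantedAccess"])))
    return hits


if __name__ == "__main__":
    for source, target, rights in hunt(SAMPLE_EVENTS):
        print(f"{source} -> {target}: {', '.join(rights)}")
```

Against the constructed records, the two user-profile executables that open explorer.exe with PROCESS_ALL_ACCESS and svchost.exe with VM_OPERATION|VM_READ|VM_WRITE|SUSPEND_RESUME are reported; the allowlisted csrss.exe and the tool holding only QUERY_LIMITED_INFORMATION are not. On real data, expect noise from debuggers, crash handlers and security products, which is why the allowlist and the source-image path (user-writable directories versus system paths) matter as much as the mask itself.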
What’s worse, Buterat is also capable of bypassing the authentication systems most devices rely on. The backdoor communicates with remote command-and-control (C2) servers using encrypted and obfuscated channels, making it extremely difficult to detect through normal network monitoring.
During live testing, researchers observed the malware dropping multiple payloads onto infected systems. Files with names like payload1.exe and payload2.dll were placed in the Windows user directory, each playing a role in maintaining control and extending the capabilities of the attackers behind the operation.
To read the complete article see: Hack Read