A well-known hacking group, previously linked to the Chinese government, has developed new malware by merging features and source code from older projects. These are the findings of an investigation conducted by cybersecurity researchers at Intezer, who dubbed the new malware Ketrum because it is a patchwork of code from the older Ketrican and Okrum backdoors. Ke3chang is allegedly the group behind the malware, known for its attacks on western governments, as well as the military and oil industries. Intezer claims the new malware is consistent with the group’s Tactics, Techniques, and Procedures (TTPs), as a “basic backdoor” that allows remote access to a target device via a remote server. The remote server, allegedly located in China, stopped working in mid-May after malware samples were identified.
Source: IT Pro Portal