Meet VenomSEO: New Threat Targeting Malaysian Websites for Black SEO
In this presentation, we will talk about VenomSEO, a newly identified advanced persistent threat (APT) group targeting governmental and corporate websites running on Linux platforms in Malaysia with the aim of facilitating Black SEO operations.
The group’s primary objective appears to be the compromise of web servers for traffic redirection and monetized search engine manipulation.
We will delve into a recent case study involving a targeted attack on a Malaysian company, shedding light on VenomSEO’s infiltration strategies and post-exploitation activities.
Further investigation has revealed that similar compromises have occurred across multiple countries, including Brazil, India, and Thailand.
VenomSEO employs a sophisticated arsenal of attack techniques, including zero-day exploits, web shells, privilege escalation, backdoors, rootkits, and credential harvesting tools. We will analyze their tactics, techniques, and procedures (TTPs), offering insights into detection, mitigation, and defense strategies against this emerging threat.

Igor Zdobnov – Doctor Web, Ltd.
Igor Zdobnov joined Doctor Web in 2002 as a malware analyst and has been working as a chief malware analyst since 2009. He leads various security projects inside the company: threat intelligence, threat detection and prevention. He is passionate about malware analysis, reverse engineering and building machine learning malware detection systems.

Ivan Korolev – Doctor Web, Ltd.
Ivan Korolev joined Doctor Web in 2014 as a malware analyst and has been working as team leader of the botnet research team since 2019. He focuses on analyzing targeted attacks, botnets and emerging threats. He likes to find vulnerabilities and participate in bug bounties in his spare time.
