UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
Summary
The threat actor UnsolicitedBooker is now targeting telecommunications companies in Central Asia (Kyrgyzstan and Tajikistan), having previously targeted entities in Saudi Arabia. The attacks deploy two backdoors, LuciDoor and MarsSnake.
IFF Assessment
The deployment of new backdoors by a threat actor is detrimental to network defenders.
Defender Context
Defenders in the telecommunications sector, especially in Central Asia, need to be aware of the tactics, techniques, and procedures (TTPs) used by UnsolicitedBooker, in particular its use of the LuciDoor and MarsSnake backdoors. Proactive threat hunting and enhanced endpoint detection and response (EDR) measures are crucial. Monitoring network traffic for suspicious activity and regularly updating security software can help mitigate the risk posed by this threat actor.