Veiledsignal

Threat Actor updated 2 months ago (2024-11-29T14:27:56.144Z)
VeiledSignal is a threat actor known for sophisticated cyberattacks that typically rely on trojanized software to infiltrate systems and networks. In one significant incident, VeiledSignal compromised an employee's personal computer by embedding malware, detected as Win32/NukeSped.MO (aka VEILEDSIGNAL), into the 3CX app downloaded from the Trading Technologies website. Installing the malware triggered a complex loading process that left a multi-stage backdoor called "VEILEDSIGNAL" on the individual's system. This breach allowed VeiledSignal to steal the employee's corporate credentials, which led to a further compromise of both the Windows and macOS build environments of the 3CX app.

The attack chain used open-source tools such as SIGFLIP and DAVESHELL to extract and execute the VEILEDSIGNAL backdoor. This fully featured malware gave the threat actor administrator-level access to, and persistence on, the compromised system. Once implanted, VEILEDSIGNAL downloaded an encrypted command-and-control (C2) module from GitHub, further extending its control over the infected system. VeiledSignal's malware consists of three components: the main backdoor, an injector module, and a communications module.

In addition to compromising the 3CX app, VeiledSignal used its access to the Trading Technologies platform to infiltrate 3CX's network. There, the actor modified desktop apps in order to compromise the networks of 3CX's customers, deploying the VeiledSignal multi-stage modular backdoor onto victims' systems. The specific version of the X_Trader software downloaded by the 3CX employee was loaded with the VeiledSignal backdoor; it appeared legitimate because the file and its installer were signed with a digital certificate that has since expired.
Description last updated: 2024-05-04T17:28:35.659Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
3CX
Malware
Mandiant
Windows
Payload
macOS
Source Document References
Information about the Veiledsignal Threat Actor was read from the documents corpus below.
Source (created):
CERT-EU (2 years ago)
CERT-EU (a year ago)
CERT-EU (2 years ago)
BankInfoSecurity (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
DARKReading (2 years ago)
InfoSecurity-magazine (2 years ago)