Ransomware Gangs Use ‘SystemBC’ Tor Backdoor in Attacks


Initially observed in 2019, SystemBC enables persistent access to the infected system, giving attackers a means to conceal communications and remotely control infected devices.

The backdoor supports command execution and allows adversaries to download and execute scripts, executables, and DLLs. It is continuously evolving, with recent samples having switched from creating a SOCKS5 proxy to using the Tor network for communication.
