Threat Report SYSCON: What is SYSCON and How Does it Work?

The SYSCON backdoor has been in use since at least 2017 and has been associated with campaigns involving North Korean threat groups. SYSCON has been delivered by the CARROTBALL and CARROTBAT droppers and affects the Windows operating system.

SYSCON can execute commands through cmd.exe on a compromised host, run Systeminfo to collect system information, run Tasklist to enumerate running processes, and use FTP for its command-and-control (C2) communications. SYSCON has been executed by luring victims into opening malicious e-mail attachments.

SYSCON Malware Capabilities

  • The SYSCON malware may abuse the Windows command shell (cmd.exe) for execution, which gives the adversary control over almost any aspect of the system; the command shell can also be reached remotely, for example over SSH. SYSCON may also use information discovery (system and process enumeration) to shape its follow-on behavior. Finally, SYSCON may communicate using an application-layer protocol associated with transferring files (FTP), which lets its traffic blend in with normal network activity.

Ways to Mitigate SYSCON Malware Attacks

  • The SYSCON malware attack can be mitigated by restricting use of the Windows command shell, capturing and reviewing scripts written to the file system, and analyzing network data for unusual data flows (for example, unexpected FTP sessions). These measures help identify suspicious activity early and limit further damage.
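The capability list and the mitigation above describe one behaviour chain: discovery utilities launched from cmd.exe, followed by FTP traffic that carries C2. The following Python script is an added detection example, not code from the original article or from any SYSCON sample. It runs over constructed process-creation events and network flows (modelled loosely on Sysmon/NetFlow fields, with hypothetical host names and an assumed FTP allowlist) and flags hosts where cmd.exe-driven discovery is followed within a time window by an unexpected outbound FTP control connection.

```python
"""Detect the SYSCON-style chain: cmd.exe -> systeminfo/tasklist, then FTP C2.

Added example; the telemetry below is constructed, not real data.
"""
from collections import defaultdict
from dataclasses import dataclass

# Discovery utilities the article reports SYSCON running through cmd.exe.
DISCOVERY_TOOLS = {"systeminfo.exe", "tasklist.exe"}

# Assumed allowlist of hosts that legitimately speak FTP (hypothetical names).
FTP_ALLOWED_HOSTS = {"build-srv01"}


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    ts: int            # seconds since epoch (constructed)
    parent_image: str  # full path of the parent process
    image: str         # full path of the created process
    command_line: str


@dataclass(frozen=True)
class NetFlow:
    host: str
    ts: int
    dst_ip: str
    dst_port: int
    bytes_out: int


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def discovery_via_cmd(events):
    """Return process events where cmd.exe spawned a discovery utility."""
    return [e for e in events
            if _basename(e.parent_image) == "cmd.exe"
            and _basename(e.image) in DISCOVERY_TOOLS]


def unexpected_ftp(flows):
    """Return outbound FTP control-channel flows (TCP/21) from hosts not on the allowlist."""
    return [f for f in flows
            if f.dst_port == 21 and f.host not in FTP_ALLOWED_HOSTS]


def correlate(events, flows, window=600):
    """Hosts where cmd.exe discovery is followed by unexpected FTP within `window` seconds."""
    discovery_times = defaultdict(list)
    for e in discovery_via_cmd(events):
        discovery_times[e.host].append(e.ts)
    hits = set()
    for f in unexpected_ftp(flows):
        if any(0 <= f.ts - t <= window for t in discovery_times.get(f.host, [])):
            hits.add(f.host)
    return sorted(hits)


# Constructed sample telemetry (hypothetical hosts; IPs from documentation ranges).
SAMPLE_EVENTS = [
    ProcessEvent("ws-fin-07", 1000, r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\systeminfo.exe", "systeminfo"),
    ProcessEvent("ws-fin-07", 1005, r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    ProcessEvent("ws-hr-02", 1100, r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    ProcessEvent("build-srv01", 1200, r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\tasklist.exe", "tasklist"),
]
SAMPLE_FLOWS = [
    NetFlow("ws-fin-07", 1300, "203.0.113.10", 21, 4096),    # FTP from a workstation
    NetFlow("ws-hr-02", 1310, "203.0.113.10", 443, 2048),    # ordinary HTTPS
    NetFlow("build-srv01", 1400, "198.51.100.5", 21, 8192),  # FTP from allowlisted host
]

if __name__ == "__main__":
    for e in discovery_via_cmd(SAMPLE_EVENTS):
        print(f"discovery via cmd.exe: {e.host} {e.command_line}")
    for f in unexpected_ftp(SAMPLE_FLOWS):
        print(f"unexpected FTP: {f.host} -> {f.dst_ip}:{f.dst_port}")
    print("hosts matching the full chain:", correlate(SAMPLE_EVENTS, SAMPLE_FLOWS))
```

Either signal on its own is noisy: administrators run tasklist from a shell, and some hosts legitimately use FTP. The correlation step is what makes the alert actionable, so tune the window and the allowlist to the environment. Note also that matching on TCP/21 only catches the FTP control channel; passive-mode data transfers use ephemeral ports and need flow- or protocol-level inspection to attribute.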

Reactionary Times News Desk
