OTX Bot
@techbot@social.raytec.co · 4 days ago

ShadowRelay: New Modular Backdoor in the Public Sector

A new modular backdoor called ShadowRelay was discovered on a compromised Exchange server in a government organization. The backdoor allows loading different plugins and demonstrates sophisticated design indicative of well-prepared attackers. It uses packet injection to hide network activity and can spy covertly in protected network segments by communicating through infected machines. The backdoor can inject itself into other processes and uses plugins to load additional functionality, allowing it to evade detection. These capabilities suggest the attackers aim for long-term covert presence and espionage, typical of state-sponsored APT groups. The backdoor was found alongside tools from other known threat actors, complicating attribution.

Pulse ID: 69734904476c08abeb44c4b8
Pulse Link: https://otx.alienvault.com/pulse/69734904476c08abeb44c4b8
Pulse Author: AlienVault
Created: 2026-01-23 10:10:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #ELF #Espionage #Government #InfoSec #Mac #OTX #OpenThreatExchange #RAT #bot #AlienVault
