Walmart’s Cyber Intelligence Team has discovered a previously unknown PowerShell backdoor linked to a new variant of the Zloader/SilentNight malware. This sophisticated backdoor provides threat actors with access to systems for reconnaissance and deployment of additional malware. It employs advanced obfuscation techniques, making detection challenging. The backdoor’s discovery highlights a broader trend of threat actors using scripting languages for backdoors.
The investigation revealed no direct targeting of Walmart, but the backdoor shares characteristics with previously observed PowerShell malware, such as PowerDash. The malware’s ability to evade detection by sandboxes and its overlap with known ransomware groups, including Black Basta, pose a significant threat. Walmart advises organizations to enhance their internal detections to combat such sophisticated attacks.