New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection
New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection
22 March 2023
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia.
The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection."
REF2924 is the moniker assigned to an activity cluster linked to attacks against an entity