SprySOCKS Windows backdoor activity against government organizations
Malware Activity
Summary
The SprySOCKS backdoor now has documented Windows variants used in attacks on government organizations across Taiwan, Thailand, Pakistan, and Honduras, expanding the malware's known operational reach. The variants add kernel-level stealth and multiple command-and-control channels, making detection and containment harder. The activity is attributed with high confidence to Earth Lusca / FishMonger, linking the malware to an established operator set.
Related Happenings
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical Analysis
H score: 33
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
How related:
ESET's report provides a detailed technical analysis and indicators of compromise that could help organizations identify and protect against attacks using Windows versions of the SprySOCKS backdoor.
About this happening:
**ESET** published a detailed analysis of **SprySOCKS Windows variants**, exposing **IOCs** and stealth techniques that improve detection of backdoor activity across **government...
UDPGangster backdoor deployed by MuddyWater
Malware Activity
H score: 16
First: 08.12.2025 08:46
Last: 08.12.2025 08:46
Sources 1
About this happening:
The **MuddyWater** group has deployed **UDPGangster**, a new backdoor that uses **UDP C2** to control compromised systems and expand post-compromise access. The malware can **exec...
Kimsuky HttpTroy backdoor activity against South Korean users
Malware Activity
H score: 16
First: 05.11.2025 04:00
Last: 05.11.2025 04:00
Sources 1
About this happening:
**Kimsuky** has been tied to fresh **March and April 2026** campaigns against **South Korean military and corporate entities**, using **fake security-software pages** and a **coun...
Timeline
- 16.06.2026 12:00 · 2 articles
SprySOCKS Windows backdoor activity against government organizations
Initial Disclosure: The first observed deployment involved **SprySOCKS Windows variants** being used during **2023-2024** against government organizations in multiple countries. Those variants combined stealth, persistence, and remote command features to operate inside victim systems with reduced visibility.
Sources:
- Windows version of SprySOCKS Linux malware used to attack govt orgs — www.bleepingcomputer.com — 16.06.2026 12:00