APT Encounters of the Third Kind

https://igor-blue.github.io/2021/03/24/apt1.html

This was a bit hard to follow, but if I'm understanding the author correctly:

  • Edge gateways with a custom kernel and a Go app that terminates SSL

  • Malicious NFS server that reads decoded HTTP traffic from the Go app's memory space and exfiltrates it

  • Via the kernel, which has also been patched/backdoored

  • The exploits have a self-destruct mechanism built in.