Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations

A suspected Chinese threat actor, tracked as CL-STA-0049, has targeted organizations across several sectors since March 2023 using a backdoor named Squidoor. Squidoor runs on both Windows and Linux and supports several command-and-control channels, including the Outlook API, DNS tunneling, and ICMP tunneling, which it uses to evade network detection. The actor relies on web shells for initial access and lateral movement, then deploys Squidoor to maintain persistence and collect sensitive information from the compromised organizations.
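Because DNS tunneling is one of the C2 channels listed above, a defender's first practical check is whether any internal host is pushing encoded data through query names. The following is an added example, not code from the original report or from any Squidoor sample, and it implements a generic tunneling heuristic rather than a Squidoor-specific signature: flag leftmost labels that are both long and high-entropy, then report registered domains that receive several distinct such labels. The log format (`timestamp client qtype qname`), the sample lines, and the "last two labels" notion of a registered domain are all assumptions made for the example.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log in the assumed form
# "<timestamp> <client-ip> <qtype> <qname>". Illustrative only; this is
# not captured Squidoor traffic. Lines 4-7 model a host pushing encoded
# chunks through TXT queries; the mailsec.example.org line shows a single
# long label that should NOT be reported on its own.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 A mail.example.com
2024-05-01T10:00:03Z 10.0.0.5 AAAA cdn.example.com
2024-05-01T10:00:04Z 10.0.0.7 TXT k7v2q9xm3pz8ln4tb6rw1cy5hd0jgfa.lookup.example.net
2024-05-01T10:00:05Z 10.0.0.7 TXT 3f9a1c7e5b2d8046a9c3e1f7b5d2a6c8e0f4b9d1.lookup.example.net
2024-05-01T10:00:06Z 10.0.0.7 TXT zz91kqp2ll8mn0bbvtd7cxe33srqwf5.lookup.example.net
2024-05-01T10:00:07Z 10.0.0.7 TXT pq0o9i8u7y6t5r4e3w2q1zxcvbnmasd.lookup.example.net
2024-05-01T10:00:08Z 10.0.0.5 MX qb3ztl7wd9xm2rke5hvn8ya1pc6fjs0.mailsec.example.org
2024-05-01T10:00:09Z 10.0.0.9 A www.example.com
"""


def shannon_entropy(text: str) -> float:
    """Bits per character of the string's symbol-frequency distribution."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_suspicious_label(label: str, min_len: int = 24, min_entropy: float = 3.0) -> bool:
    """Heuristic: a long, high-entropy leftmost label is characteristic of
    data encoded into a query name. Thresholds are assumptions; tune them
    against your own baseline (CDNs and mail-security vendors also emit
    long labels, so this is a triage signal, not a verdict)."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def registered_domain(qname: str) -> str:
    """Simplification (assumption): treat the last two labels as the
    registered domain. Production code should use the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str):
    """Parse one assumed-format log line; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.lower()}


def find_tunneling_candidates(log_text: str, min_unique_labels: int = 3) -> dict:
    """Return {registered_domain: stats} for every domain that received at
    least `min_unique_labels` distinct suspicious leftmost labels. Requiring
    several distinct labels filters out one-off long hostnames."""
    per_domain = defaultdict(lambda: {"labels": set(), "clients": set(), "qtypes": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        first_label = rec["qname"].split(".")[0]
        if not is_suspicious_label(first_label):
            continue
        stats = per_domain[registered_domain(rec["qname"])]
        stats["labels"].add(first_label)
        stats["clients"].add(rec["client"])
        stats["qtypes"].add(rec["qtype"])
    return {
        dom: {
            "unique_labels": len(s["labels"]),
            "clients": sorted(s["clients"]),
            "qtypes": sorted(s["qtypes"]),
        }
        for dom, s in per_domain.items()
        if len(s["labels"]) >= min_unique_labels
    }


if __name__ == "__main__":
    for dom, stats in find_tunneling_candidates(SAMPLE_DNS_LOG).items():
        print(f"{dom}: {stats['unique_labels']} encoded-looking labels "
              f"from {stats['clients']} via {stats['qtypes']}")
```

On the constructed sample this reports only example.net (four distinct encoded-looking labels from 10.0.0.7 over TXT); the single long label under mailsec.example.org stays below the threshold. Pair the output with the host's process telemetry before acting on it, and remember that the same actor can switch to the ICMP or Outlook channels, which this DNS-only check does not see.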
