Microsoft SQL Server 11 and 12 backdoor, accessible with 'magic password', linked to Chinese APT

clock
'Magic backdoor' that evades logging a key feature of China-linked Winnti Group's latest attack tool
Image:

'Magic backdoor' that evades logging a key feature of China-linked Winnti Group's latest attack tool

ESET researchers attribute sophisticated MS SQL Server backdoor tool to China's Winnti Group, also known as APT17

Security researchers at ESET have warned of a new backdoor threat to Microsoft's SQL Server enterprise database that, they claim, makes the database accessible with a ‘magic password' that ensures that...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

More on Threats and Risks

Admins urged to patch SolarWinds Serv-U bug against Log4j attacks

Admins urged to patch SolarWinds Serv-U bug against Log4j attacks

Hackers are actively exploiting the bug in the wild, according to Microsoft

clock 21 January 2022 • 3 min read
The new proposals would significantly increase the reporting requirements on large firms

UK proposes new laws to boost cyber resilience

The proposals would see more companies adopt improved cyber security measures, but there's no mention of open source

clock 20 January 2022 • 3 min read
Linux admins advised to patch full-disk encryption bug that allows decryption without password

Linux admins urged to patch full-disk encryption bug that allows decryption without a password

The issue affects LUKS 2.2.0 and later

clock 19 January 2022 • 2 min read