Government Alert: Defending Against ‘Dead Glyph Backdoor’ Cyber Threat

The government has issued a cybersecurity advisory warning against the ‘Dead Glyph Backdoor,’ a potent threat targeting Windows-based operating systems. The advisory, shared by the Cyber Security Department with all ministries, divisions, and departments, provides technical details of the malware, described as an x64 native binary together with a .NET assembly, and precautionary measures against it.

System and network administrators across government entities are instructed to implement comprehensive system hardening and whitelisting measures at all levels, including OS, BIOS, hardware, and software (defence in depth).

The advisory outlines the backdoor's tactics, highlighting its approach of targeting online systems through malicious scripts attached to impersonated files. Upon infiltration, the malware saves fake DLL files on the Windows C: drive and runs second-stage malware by issuing unauthorized PowerShell scripts, which extract critical user data.

To counter this threat, the advisory recommends robust cybersecurity measures, including the installation of reputable and licensed security solutions such as antivirus, anti-malware, firewalls, SIEM, SOAR, IPS/IDS, and NMS. Regular manual inspections of the System32 folder on the C: drive are also advised, to detect suspicious file creation activity.
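The manual System32 inspection the advisory recommends can be made repeatable. The following is an added example, not code from the advisory or the article: it lists DLLs recently created in System32 and flags those whose Authenticode signature is not valid, so an administrator reviews a short list rather than the whole folder. The look-back window, the CSV output path and the function name are illustrative choices.

```powershell
# Added example: review DLLs recently created in System32 (not from the advisory).
# Assumes an elevated Windows PowerShell 5.1 / PowerShell 7 session on Windows 10+.
function Get-SuspiciousSystem32Dll {
    [CmdletBinding()]
    param(
        [int]$Days = 7,                                           # look-back window (illustrative)
        [string]$Path = (Join-Path $env:SystemRoot 'System32')
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    # CreationTime is the signal the advisory points to: a new DLL in System32.
    Get-ChildItem -Path $Path -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # On Windows 10+ this also consults the OS catalogs, so genuine
            # catalog-signed Windows DLLs report Status 'Valid' and IsOSBinary $true.
            # Older hosts may report 'NotSigned' for catalog-signed files; treat the
            # output as a review list, not a verdict.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Name         = $_.Name
                CreationTime = $_.CreationTime
                SizeKB       = [math]::Round($_.Length / 1KB, 1)
                Signature    = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                IsOSBinary   = $sig.IsOSBinary
                Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        } |
        Where-Object { $_.Signature -ne 'Valid' }   # anything else deserves a second look
}

# Usage: show the findings and keep a CSV for the SOC ticket (path is illustrative).
Get-SuspiciousSystem32Dll -Days 14 |
    Sort-Object CreationTime -Descending |
    Tee-Object -Variable findings |
    Format-Table -AutoSize

if ($findings) {
    $findings | Export-Csv -Path "$env:TEMP\system32-dll-review.csv" -NoTypeInformation
}
```

Run it on a schedule and compare successive CSVs; a DLL that appears with an invalid or missing signature and no matching software installation is what the advisory's "suspicious file creation" check is meant to surface.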

In response to the Dead Glyph Backdoor, ongoing monitoring of domain controllers for signs of malware infection is suggested. The advisory also emphasizes regular examination of endpoint and network logs to identify anomalous network traffic, and blocking outbound network connections from specific executables.

Further preventive measures include blacklisting unnecessary Windows commands and utilities, restricting script execution with specific extensions, establishing a Sender Policy Framework (SPF) for domains to prevent email spoofing, and implementing application whitelisting. The advisory also advocates strict enforcement of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths.

To maintain cybersecurity resilience, the government advisory underscores the importance of regularly patching Microsoft Windows and other installed software against known vulnerabilities. Additional recommendations include disabling Remote Desktop Protocol (RDP) when it is not required, patching against the latest vulnerabilities, establishing a site-to-site VPN for remote access, and adopting a zero-trust architecture for service access.

The advisory concludes with a strong emphasis on regular updates to anti-malware solutions and performing backups of critical information to mitigate the impact of data or system loss and expedite the recovery process.
