securelist.com 7/16/2026, 3:09:37 PM · external

APT Group Hijacks ViPNet Updates to Deploy Rust Backdoor

APT Group Hijacks ViPNet Updates to Deploy Rust Backdoor
CyberSIXT Evidence Panel Source marked as original reporting

THE report details a new APT attack utilizing the ViPNet update system, which began in May 2026. It identifies various malicious modules including HelloInjector (a loader), HelloProxy (a traffic proxy and loader), and HelloBackdoor (a Rust-based backdoor). The attackers use DLL sideloading techniques to maintain persistence and employ sophisticated methods to inject malicious code into trusted processes like svchost.exe. The campaign targets large Russian organizations across multiple sectors.

Kaspersky provides detection solutions and emphasizes the importance of monitoring network traffic and other indicators of compromise, recommending enhanced security measures against such advanced threats.

View full article

Article by CyberSIXT