From a 7 KB file to a 13-year backdoor operation
Summary
A detailed investigation into a 13-year backdoor operation tied to SiteGuarding and wp.org plugins. The piece documents a 7 KB dropper that triggered a wide, multi-wave malware campaign across dozens of plugins and burner accounts, revealing persistence techniques, C2 infrastructure, and indicators of compromise, with a timeline and remediation guidance.