Skip-2.0 is a post-exploitation tool that runs in memory and lets remote attackers connect to any account on a server running MSSQL version 11 or 12 by using a “magic password”. The malware remains undetected on the victim’s MSSQL Server by disabling the compromised machine’s logging functions, event publishing, and audit mechanisms. Researchers attributed the Skip-2.0 backdoor to a Chinese state-sponsored threat actor group called the Winnti Group, as the malware contains multiple similarities to other known Winnti Group tools.
Source: https://thehackernews.com/2019/10/mssql-server-backdoor.html
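As an added defensive check (not code from the article or from the researchers), the T-SQL below reports the engine version range the article names and whether the logging and audit surfaces the article says the backdoor disables are currently switched off; the catalog views and the `AuditLevel` registry value are standard SQL Server objects, while the "affected range" wording is an assumption drawn only from the article's version numbers.

```sql
-- Added defensive health check for an MSSQL instance (not from the article).
-- Flags: engine version 11/12, no running server audit, default trace off,
-- login auditing set to None, and non-Microsoft modules in the engine process.
SET NOCOUNT ON;

DECLARE @ver nvarchar(128) = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128));
DECLARE @major int = TRY_CAST(LEFT(@ver, CHARINDEX('.', @ver) - 1) AS int);

-- 1. Engine major version (11 = SQL Server 2012, 12 = SQL Server 2014)
SELECT 'engine_version' AS check_name,
       CASE WHEN @major IN (11, 12)
            THEN 'WARN: version ' + CAST(@major AS varchar(4)) + ' is in the range named in the report'
            ELSE 'info: version ' + @ver END AS result;

-- 2. Server audits: at least one should be in the STARTED state (status = 1)
SELECT 'server_audit' AS check_name,
       CASE WHEN NOT EXISTS (SELECT 1 FROM sys.dm_server_audit_status WHERE status = 1)
            THEN 'WARN: no server audit is running' ELSE 'ok' END AS result;

-- 3. Default trace: records security/audit events; 0 means it has been disabled
SELECT 'default_trace' AS check_name,
       CASE WHEN (SELECT value_in_use FROM sys.configurations
                  WHERE name = 'default trace enabled') = 0
            THEN 'WARN: default trace disabled' ELSE 'ok' END AS result;

-- 4. Login auditing level stored in the instance registry hive (0 = None)
DECLARE @audit_level int;
EXEC master.dbo.xp_instance_regread
     N'HKEY_LOCAL_MACHINE',
     N'Software\Microsoft\MSSQLServer\MSSQLServer',
     N'AuditLevel', @audit_level OUTPUT;
SELECT 'login_auditing' AS check_name,
       CASE WHEN @audit_level = 0 THEN 'WARN: login auditing is set to None'
            ELSE 'ok (AuditLevel=' + ISNULL(CAST(@audit_level AS varchar(4)), '?') + ')' END AS result;

-- 5. Modules loaded into the engine process that are not published by Microsoft.
--    A hit is a review item, not proof of compromise; in-memory tooling is the
--    reason this list is worth baselining.
SELECT 'loaded_module' AS check_name,
       name + ' (' + ISNULL(company, 'no company info') + ')' AS result
FROM sys.dm_os_loaded_modules
WHERE company IS NULL OR company NOT LIKE 'Microsoft%';
```

Run it as a sysadmin on a known-good instance first to record a baseline for check 5, then compare later runs against that baseline rather than treating any non-Microsoft entry as malicious.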

