Security News > 2020 > October > APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting service to evade detection is potentially the work of a Vietnamese APT group, researchers said.
The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campaign that claims to have important information about workers' compensation rights, according to a blog post on Tuesday by researchers Hossein Jazi and Jérôme Segura.
"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack, followed by several anti-analysis techniques," researchers wrote.
Exe, which is "Usually invoked when an error related to the operating system, Windows features or applications happens," researchers noted.
From at least January to April, the FireEye Mandiant researchers have seen the group attacking China's Ministry of Emergency Management, as well as the government of Wuhan province, in an apparent bid to steal intelligence regarding the country's COVID-19 response.
News URL
https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)