Security News > 2020 > October > APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting service to evade detection is potentially the work of a Vietnamese APT group, researchers said.
The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campaign that claims to have important information about workers' compensation rights, according to a blog post on Tuesday by researchers Hossein Jazi and Jérôme Segura.
"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack, followed by several anti-analysis techniques," researchers wrote.
Exe, which is "Usually invoked when an error related to the operating system, Windows features or applications happens," researchers noted.
From at least January to April, the FireEye Mandiant researchers have seen the group attacking China's Ministry of Emergency Management, as well as the government of Wuhan province, in an apparent bid to steal intelligence regarding the country's COVID-19 response.
News URL
https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/
Related news
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)