Security News > 2020 > October > APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting service to evade detection is potentially the work of a Vietnamese APT group, researchers said.
The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campaign that claims to have important information about workers' compensation rights, according to a blog post on Tuesday by researchers Hossein Jazi and Jérôme Segura.
"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack, followed by several anti-analysis techniques," researchers wrote.
Exe, which is "Usually invoked when an error related to the operating system, Windows features or applications happens," researchers noted.
From at least January to April, the FireEye Mandiant researchers have seen the group attacking China's Ministry of Emergency Management, as well as the government of Wuhan province, in an apparent bid to steal intelligence regarding the country's COVID-19 response.
News URL
https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/
Related news
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)