Security News > 2020 > October > APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting service to evade detection is potentially the work of a Vietnamese APT group, researchers said.
The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campaign that claims to have important information about workers' compensation rights, according to a blog post on Tuesday by researchers Hossein Jazi and Jérôme Segura.
"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack, followed by several anti-analysis techniques," researchers wrote.
Exe, which is "Usually invoked when an error related to the operating system, Windows features or applications happens," researchers noted.
From at least January to April, the FireEye Mandiant researchers have seen the group attacking China's Ministry of Emergency Management, as well as the government of Wuhan province, in an apparent bid to steal intelligence regarding the country's COVID-19 response.
News URL
https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/
Related news
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)