Security News > 2020 > October > APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting service to evade detection is potentially the work of a Vietnamese APT group, researchers said.
The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campaign that claims to have important information about workers' compensation rights, according to a blog post on Tuesday by researchers Hossein Jazi and Jérôme Segura.
"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack, followed by several anti-analysis techniques," researchers wrote.
Exe, which is "Usually invoked when an error related to the operating system, Windows features or applications happens," researchers noted.
From at least January to April, the FireEye Mandiant researchers have seen the group attacking China's Ministry of Emergency Management, as well as the government of Wuhan province, in an apparent bid to steal intelligence regarding the country's COVID-19 response.
News URL
https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/
Related news
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal (source)
- Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)