Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue
Based on crude messages, such as "KilllSomeOne", used in attack code strings, coupled with advanced deployment and targeting techniques, researchers say the APT has a split personality.
"The messages hidden in their samples [malware] are on the level of script kiddies. On the other hand, the targeting and deployment is that of a serious APT group," wrote Gabor Szappanos, author of a Sophos technical brief, posted Wednesday, outlining what is known about the APT. Szappanos wrote that the gang relies primarily on a cyberattack technique known as DLL side-loading.
"While the [technique] is far from new - we first saw it used by APT groups as early as 2013, before cybercrime groups started to add it to their arsenal - this particular payload was not one we've seen before," Szappanos wrote.
All four DLL side-loading scenarios execute malicious code and install backdoors in the networks of targeted organizations.
Sample strings of plain text in the KilllSomeOne malware code include "Happiness is a way station between too much and too little" and "HELLO USA PRISIDENT".