Security News > 2022 > September > Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks
"A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as DLL side-loading," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.
The attacks entail the use of old and outdated versions of security solutions, graphics software, and web browsers that are bound to lack mitigations for DLL side-loading, using them as a conduit to load arbitrary shellcode designed to execute additional payloads.
In one of the attacks against a government-owned organization in the education sector in Asia lasted from April to July 2022, during which the adversary accessed machines hosting databases and emails, before accessing the domain controller.
Symantec said it has limited evidence linking the threat actor's earlier attacks involving the PlugX malware to other Chinese hacking groups such as APT41 and Mustang Panda.
What's more, the use of a legitimate Bitdefender file to sideload shellcode has been observed in previous attacks attributed to APT41.
"The use of legitimate applications to facilitate DLL side-loading appears to be a growing trend among espionage actors operating in the region," the researchers said.
News URL
https://thehackernews.com/2022/09/asian-governments-and-organizations.html
Related news
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' (source)
- FBI confirms China-linked cyber espionage involving breached telecom providers (source)
- Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks (source)
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)