Security News > 2023 > March > Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines.

The development comes as improved detection capabilities against Cobalt Strike, a legitimate post-exploitation tool used for red team operations, is forcing threat actors to seek alternative options or concoct new ways to propagate the framework to evade detection.

SILKLOADER samples analyzed by the company show that early versions of the malware date back to the start of 2022, with the loader exclusively put to use in different attacks targeting victims in China and Hong Kong.

This has further given way to a hypothesis that "SILKLOADER was originally written by threat actors acting within the Chinese cybercriminal ecosystem" and that the "Loader was used by the threat actors within this nexus at least as early as May 2022 till July 2022.".

"The builder or source code was later acquired by a threat actor within the Russian cybercriminal ecosystem between July 2022 and September 2022," WithSecure said, adding, "The original Chinese author sold the loader to a Russian threat actor once they no longer had any use for it."

Both SILKLOADER and BAILLOADER are just the latest examples of threat actors refining and retooling their approaches to stay ahead of the detection curve.

News URL

https://thehackernews.com/2023/03/chinese-and-russian-hackers-using.html