
Hackers start using double DLL sideloading to evade detection
2023-05-03 21:21

An APT hacking group tracked as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is using several more complex variations of the classic DLL sideloading technique to evade detection, a trend that is new for the group.

DLL sideloading has been exploited by attackers since 2010. It takes advantage of the order in which Windows searches for the DLLs an application loads: the directory containing the executable is searched before the system directories, so the loader resolves a DLL name to whatever file of that name sits next to the application.

The attacker places a malicious DLL, named exactly like a legitimate DLL the application requires, in the application's directory.

When the application starts, the loader picks up the attacker's DLL instead of the real one and runs its code inside the process of the trusted, signed application. The payload therefore inherits that application's privileges and reputation and can run commands on the host while security tools see only a legitimate, signed executable.
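The following PowerShell script is an added example of the check a defender would run for the pattern described above; it is not code from the article or from any of the research it summarizes. It walks every process on a live Windows host, flags loaded modules whose file name also exists in System32 or SysWOW64 but which were loaded from elsewhere (typically the application's own directory), and reports whether that copy carries a valid Authenticode signature. The function name `Test-ShadowsSystemDll` and the output layout are the author's own choices; it assumes an elevated session so that modules of other users' processes are visible.

```powershell
# Added example (not from the article): hunt for DLL sideloading on a live
# Windows host. A module loaded from outside the system directories whose
# file name also exists in a system directory is a "shadow" copy that the
# loader picked up because the application directory is searched first.
# Run from an elevated PowerShell session; protected processes are skipped.

$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Returns $true when the loaded module shadows a same-named DLL that also
# exists in System32 or SysWOW64 (hypothetical helper name).
function Test-ShadowsSystemDll {
    param([Parameter(Mandatory)][string]$ModulePath)

    $name = [System.IO.Path]::GetFileName($ModulePath)
    $dir  = [System.IO.Path]::GetDirectoryName($ModulePath)

    # Loaded from a system directory itself: not a sideload candidate.
    foreach ($sd in $systemDirs) {
        if ($dir -ieq $sd) { return $false }
    }
    # A DLL of the same name lives in a system directory: the application
    # resolved the name to a copy outside it.
    foreach ($sd in $systemDirs) {
        if (Test-Path -LiteralPath (Join-Path $sd $name)) { return $true }
    }
    return $false
}

$findings = foreach ($proc in Get-Process) {
    # Access to some processes is denied, and others exit mid-enumeration.
    try { $modules = $proc.Modules } catch { continue }

    foreach ($m in $modules) {
        if (-not (Test-ShadowsSystemDll -ModulePath $m.FileName)) { continue }

        # Signature status of the shadow copy; an unsigned or tampered DLL
        # next to a signed host binary is the classic sideloading pattern.
        $sig = Get-AuthenticodeSignature -LiteralPath $m.FileName

        [pscustomobject]@{
            Process   = $proc.ProcessName
            PID       = $proc.Id
            Module    = $m.ModuleName
            Path      = $m.FileName
            Signature = $sig.Status              # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

# Review unsigned and mismatched entries first, then signed entries whose
# signer differs from the host application's publisher.
$findings | Sort-Object Signature, Process | Format-Table -AutoSize
```

Expect noise: many legitimate applications ship their own copies of runtime DLLs (for example the Visual C++ runtime), so a hit is a lead, not a verdict. The useful signal is a DLL whose signature status is not `Valid`, or whose signer does not match the publisher of the executable that loaded it, sitting in the same directory as a signed binary.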

In short, DLL sideloading remains an effective attack method, and one that neither Microsoft nor application developers have fully addressed in more than a decade.

In the latest APT-Q-27 attacks, analysts observed variations of DLL sideloading, including the doubled-up sideloading of the headline, that are harder to track than the classic single-stage form, giving the group a stealthier infection chain.


News URL

https://www.bleepingcomputer.com/news/security/hackers-start-using-double-dll-sideloading-to-evade-detection/