Threat Management, Critical Infrastructure Security

New cyberespionage attacks set sights on Asian entities

Share

The Hacker News reports that numerous Asian finance, defense, and aerospace government entities, as well as state-owned telecommunications, media, and IT companies have been targeted in a cyberespionage effort leveraging dynamic-link library side-loading since early last year. Threat actors have been using outdated software without DLL side-loading mitigations to facilitate the loading of payload-executing arbitrary shellcodes, as well as other malicious payloads for credential theft and lateral network movement, according to a report from the Symantec Threat Hunter Team. Researchers have observed that a renamed Mimikatz version was launched in an attack against an education organization using an 11-year-old Bitdefender Crash Handler version. Despite the continued mystery regarding the threat group's identity, researchers discovered that the ShadowPad malware may have been used in its previous attacks. "The use of legitimate applications to facilitate DLL side-loading appears to be a growing trend among espionage actors operating in the region. Although a well-known technique, it must be yielding some success for attackers given its current popularity," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.