Several cases were observed where DLL side-loading was used to execute malicious code. Side-loading is the use of a malicious DLL that masquerades as a legitimate one so that a legitimate, trusted Windows executable loads and runs it. Learn more on this and other news in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
Back to the Future: Inside the Kimsuky KGH Spyware Suite
Source: Cybereason
Kimsuky has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world. Read more.
Ransomware Activity Targeting the Healthcare and Public Health Sector
Source: CISA
The cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization. Read more.
APT trends report Q3 2020
Source: SecureList
The summaries are based on GReAT’s threat intelligence research and provide a representative snapshot of what they have published and discussed in greater detail in their private APT reports. Read more.
Turla APT Updates Anti-Detection Tactics
Source: Threat Report
Also known as Waterbug, Venomous Bear and KRYPTON, Turla has been in operation since the early 2000s. The group focuses on espionage, targeting government entities and embassies in up to 100 countries. Read more.
A new APT uses DLL side-loads to “KillSomeOne”
Source: Sophos
Several cases were observed where DLL side-loading was used to execute malicious code. Side-loading is the use of a malicious DLL that masquerades as a legitimate one so that a legitimate, trusted Windows executable loads and runs it. Read more.
xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Source: Palo Alto
The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Read more.
Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
Source: WeLiveSecurity
Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values. Read more.