
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021.

“A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as DLL side-loading,” the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.

The campaign is said to be exclusively geared towards government institutions related to finance, aerospace, and defence, as well as state-owned media, IT, and telecom firms.

Dynamic-link library (DLL) side-loading is a popular cyberattack method that leverages the way Microsoft Windows applications locate and load DLL files. In these intrusions, a spoofed malicious DLL is planted in the Windows Side-by-Side (WinSxS) directory so that the operating system loads it instead of the legitimate file.

The attacks entail the use of old and outdated versions of security solutions, graphics software, and web browsers that lack mitigations against DLL side-loading, using them as a conduit to load arbitrary shellcode designed to execute additional payloads.
