Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku.
DodgeBox functions as a loader for a new backdoor named MoonWalk, which utilizes evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails similar to DodgeBox, employing Google Drive for C2 operations.
Read more…
Source: Broadcom
Related:
- Lazarus group evolves its infection chain with old and new malware
December 19, 2024
Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. This attack campaign is called the DeathNote campaign and is also referred to as “Operation DreamJob”. Kaspersky researchers have previously published the history of ...
- New Gmail Security Warning For 2.5 Billion – Second Attack Wave Incoming
December 18, 2024
As it issues a warning that a second wave of cyber threats against Gmail users is incoming from very persistent attackers, Google has detailed the specific attack methodologies involved and recommended actions that all 2.5 billion Gmail users employ to stay safe and secure. Here’s what you need to know. Although when compared to last year, ...
- Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
December 17, 2024
Red teaming provides essential tools and testing methodologies for organizations to strengthen their security defenses. Cybercriminals and advanced persistent threat (APT) actors pay close attention to new methods and tools red teams develop, and they may repurpose them with a malicious intent. In October 2024, an APT group that Trend Micro tracks as Earth Koshchei (also ...
- Careto is back: what’s new after 10 years of silence?
December 12, 2024
During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, Kaspersky researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”. The Mask APT is a legendary ...
- US critical infrastructure hit once again by a new group on the scene
December 6, 2024
Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices. Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to ...
- APT trends report Q3 2024
November 28, 2024
In the second half of 2022, a wave of attacks from an unknown threat actor targeted victims with a new type of attack framework that we dubbed P8. The campaign targeted Vietnamese victims, mostly from the financial sector, with some from the real estate sector. Later, in 2023, Elastic Lab published a report about an OceanLotus ...