Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku.
DodgeBox functions as a loader for a new backdoor named MoonWalk, which uses evasion techniques similar to DodgeBox's, such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails, and employs Google Drive for C2 operations.
Source: Broadcom
Related:
- Microsoft Digital Defense Report 2024: Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day
October 15, 2024
In the last year, the cyber threat landscape continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders. Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced ...
- Beyond the Surface: the evolution and expansion of the SideWinder APT group
October 15, 2024
SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, ...
- Whispers from the Dark Web Cave. Cyberthreats in the Middle East
October 14, 2024
The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequences as well as defensive strategies. The five prevalent cybersecurity threats in the Middle East covered ...
- FBI: Update on SVR Cyber Operations and Vulnerability Exploitation
October 10, 2024
The Federal Bureau of Investigation (FBI) and partners are releasing this joint Cybersecurity Advisory (CSA) to highlight the tactics, techniques, and procedures (TTPs) employed by the Russian Federation’s Foreign Intelligence Service (SVR) in recent cyber operations and provide network defenders with information to help counter SVR cyber threats. Since at least 2021, Russian SVR cyber actors ...
- European government systems hit by air-gap malware attack
October 9, 2024
In the last five years, hackers managed to steal sensitive information from air-gapped systems belonging to different European governments on at least three separate occasions. An air-gapped system is a computer or network that is physically isolated from unsecured networks, such as the internet, to prevent unauthorized access and enhance security. Still, crooks managed to steal ...
- Wreaking havoc in cyberspace: threat actors experiment with pentest tools
October 8, 2024
In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver. According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of ...

