Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku.
DodgeBox functions as a loader for a new backdoor named MoonWalk, which utilizes evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails similar to DodgeBox, employing Google Drive for C2 operations.
Read more…
Source: Broadcom
Related:
- Remote access giant TeamViewer says Russian spies hacked its corporate network
June 28, 2024
TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on ...
- Chinese hackers have stepped up attacks on Taiwanese organizations
June 24, 2024
A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future. RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded ...
- Sustained Campaign Using Chinese Espionage Tools Targets Telcos
June 20, 2024
Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials. The attacks have been underway since at least 2021, with evidence to suggest that some of this ...
- Unmasking Mac malware – strategies for a growing threat
June 18, 2024
In recent years, cybercriminal groups have been ramping up their efforts to find vulnerabilities and create malware that will exploit the iOS or macOS. Jamf’s latest annual threat landscape research tracked 300 malware families designed for macOS, and 21 newly created families in 2023. It’s not just the number of malware families that has risen, but ...
- DISGOMOJI Malware Used to Target Indian Government
June 13, 2024
In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit ...
- Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies
June 5, 2024
Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement ...