DodgeBox Loader Loading MoonWalk Backdoor


Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, a loader associated with the Chinese APT group APT41 / Earth Baku.

DodgeBox functions as a loader for a new backdoor named MoonWalk. MoonWalk uses evasion techniques similar to those of DodgeBox, such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails, and it uses Google Drive for its C2 operations.

Source: Broadcom


Related:

  • Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware

    January 18, 2024

    Over the years, TAG has analyzed a range of persistent threats including COLDRIVER (also known as UNC4057, Star Blizzard and Callisto), a Russian threat group focused on credential phishing activities against high-profile individuals in NGOs, former intelligence and military officers, and NATO governments. In order to gain the trust of targets, COLDRIVER often utilizes impersonation ...

  • 7777-Botnet Infection Vectors

    January 18, 2024

    In October 2023, the 7777-Botnet was first discussed in a writeup titled, The Curious Case of the 7777-Botnet. The author, supported by other researchers, describes a ~10,000 node botnet whose purpose is to brute-force Microsoft Azure user credentials. It employs targeted, low-volume methods that are so effective that they were only discovered due to a geolocation ...

  • New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

    January 17, 2024

    Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading ...

  • Hackers target UK in huge cyber attack ‘in response to airstrikes in Yemen’

    January 13, 2024

    Hackers say they launched a massive cyber attack against the UK in response to airstrikes in Yemen. Anonymous Sudan said Friday’s raid on an internet company was also because Britain had shown “support” for Israel. In a statement on messaging platform Telegram, the group warned: “Big attack on UK soon, in response to the air attacks ...

  • Seedworm: Iranian Hackers Target Telecoms Organisations in North and East Africa

    December 19, 2023

    Iranian espionage group Seedworm (aka Muddywater) has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania. Seedworm has been active since at least 2017, and has targeted organizations in many countries, though it is most strongly associated with attacks on organizations in the Middle East. It has been publicly stated that Seedworm ...

  • Israeli-linked hacker group behind major cyber-attack on Iran’s petrol stations

    December 18, 2023

    An Israeli-linked hacker group claims to have carried out a major cyber-attack on Iranian petrol stations, knocking 70 per cent of them offline on Monday. Predatory Sparrow, or “Gonjeshke Darande” in Persian, said it launched the “controlled” attack in response to “aggression” by the Islamic Republic and its proxies in the region. “This cyber attack was ...