Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku.
DodgeBox functions as a loader for a new backdoor named MoonWalk, which utilizes evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails similar to DodgeBox, employing Google Drive for C2 operations.
Read more…
Source: Broadcom
Related:
- Notes of cyber inspector: three clusters of threat in cyberspace
September 10, 2025
Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 Kaspersky predicted that the involvement of hacktivist groups in all major geopolitical conflicts from now on will only increase and this is what ...
- Deception in Depth: PRC-nexus espionage campaign hijacks web traffic to target diplomats
August 25, 2025
This blog post presents Google Threat Intelligence Group (GTIG) findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. GTIG examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads. In this campaign, the ...
- FBI: Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure
August 20, 2025
The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running ...
- Hackers breach and expose a major North Korean spying operation
August 12, 2025
Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation. The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity ...
- New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
August 12, 2025
Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a ...
- From ClickFix to Command: A Full PowerShell Attack Chain
August 11, 2025
The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell. Read more… Source: Fortinet Sign ...