During routine operations, QiAnXin Threat Intelligence Center and the Falcon Operations Team noted that in June 2024 several foreign counterparts reported in-the-wild attacks using a new attack technique, GrimResource.
The two teams promptly researched the technique and have monitored it continuously since. In mid-July 2024, they discovered the first attack incident on government and enterprise terminals, and the researchers classified the attack as "black industry" (cybercrime) activity. The GrimResource technique exploits an XSS vulnerability in MMC (Microsoft Management Console) system files to execute JavaScript code, then uses DotNetToJScript to load arbitrary .NET programs into memory. This not only bypasses ActiveX control warnings but also enables fileless payload execution.
Source: QiAnXin Threat Intelligence Center/Falcon Operations Team

