APT10: Tracking down LODEINFO 2022, part I


Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020.

The malware was regularly modified and upgraded by the developers to target media, diplomatic, governmental and public sector organizations and think-tanks in Japan.

Researchers continued tracking LODEINFO after that. JPCERT/CC and Macnica Networks shared additional updates on LODEINFO activities in a later publication. Kaspersky researchers also shared new findings during the HITCON 2021 conference, covering LODEINFO activities from 2019 to 2020, and revealing high-confidence attribution to APT10.

Read more…
Source: Kaspersky

Related story: APT10: Tracking down LODEINFO 2022, part II