Several cases were observed where DLL side-loading was used to execute the malicious code. Side-loading is the use of a malicious DLL that impersonates a legitimate one and is loaded by a legitimate Windows executable. Learn more on this and other news in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

Back to the Future: Inside the Kimsuky KGH Spyware Suite

Source: Cybereason

Kimsuky has been active since at least 2012 and is believed to be operating on behalf of the North Korean regime. The group has a rich and notorious history of offensive cyber operations around the world. Read more.

Ransomware Activity Targeting the Healthcare and Public Health Sector

Source: CISA

The cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization. Read more.

APT trends report Q3 2020

Source: SecureList

The summaries are based on GReAT’s threat intelligence research and provide a representative snapshot of what they have published and discussed in greater detail in their private APT reports. Read more.

Turla APT Updates Anti-Detection Tactics

Source: Threat Report

Also known as Waterbug, Venomous Bear and KRYPTON, Turla has been in operation since the early 2000s. The group focuses on espionage, targeting government entities and embassies in up to 100 countries. Read more.

A new APT uses DLL side-loads to “KilllSomeOne”

Source: Sophos

Several cases were observed where DLL side-loading was used to execute the malicious code. Side-loading is the use of a malicious DLL that impersonates a legitimate one and is loaded by a legitimate Windows executable. Read more.

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

Source: Palo Alto

The xHunt campaign has been active since at least July 2018 and we have seen this group target the Kuwaiti government and shipping and transportation organizations. Read more.

Hungry for data, ModPipe backdoor hits POS software used in hospitality sector

Source: WeLiveSecurity

Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values. Read more.