BleepingComputer reports that Chinese state-sponsored advanced persistent threat group Cicada, also known as APT10, has launched new attacks targeting Japanese entities with a novel LODEINFO malware version through the exploitation of legitimate K7Security Suite software.
Since March, Japan-based media groups, public sector and government organizations, think tanks, and diplomatic entities have been targeted in new APT10 attacks that begin with a spear-phishing email carrying a RAR archive and rely on DLL side-loading, a Kaspersky report showed.
Because the malicious DLL is stored in the same folder as the legitimate executables, running them loads the DLL and, with it, the LODEINFO malware.
The report also described another malware variant that relies on file-less downloader shellcode, with macro code used to inject the shellcode into the WINWORD.exe process and load it there.
Six new LODEINFO versions have been released this year alone; the latest iteration, v0.6.3, omits 10 unneeded commands to bolster backdoor efficiency.
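The side-loading pattern described above (a legitimate executable running from a folder where a DLL has been placed beside it) can be hunted for in image-load telemetry. The following is an added example, not code from the Kaspersky or BleepingComputer reports; the event fields are loosely modelled on Sysmon image-load events, and every path, file name and the install-directory inventory are constructed placeholders.

```python
from pathlib import PureWindowsPath

# Constructed image-load events, loosely modelled on Sysmon Event ID 7 fields.
# Every path and file name is a placeholder, not an indicator from the report.
EVENTS = [
    {"Image": r"C:\Program Files\VendorAV\scanner.exe",
     "ImageLoaded": r"C:\Program Files\VendorAV\helper.dll", "Signed": True},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\doc\scanner.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\doc\helper.dll", "Signed": False},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\doc\scanner.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": True},
    {"Image": r"D:\share\SCANNER.EXE",
     "ImageLoaded": r"d:\Share\helper.dll", "Signed": True},
]

# Assumed inventory: the directory each legitimate executable is installed in.
EXPECTED_DIRS = {"scanner.exe": r"C:\Program Files\VendorAV"}


def find_sideloads(events, expected_dirs):
    """Return (image, dll, severity) for loads that match the side-loading pattern."""
    hits = []
    for ev in events:
        # PureWindowsPath compares case-insensitively and runs on any OS.
        image = PureWindowsPath(ev["Image"])
        dll = PureWindowsPath(ev["ImageLoaded"])
        expected = expected_dirs.get(image.name.lower())
        if expected is None:
            continue  # not an executable we keep an install location for
        if image.parent == PureWindowsPath(expected):
            continue  # running from its real install directory
        if dll.parent != image.parent:
            continue  # system or other DLL, not one placed beside the executable
        # A relocated, known-good executable loaded a DLL from its own folder.
        # An unsigned DLL is the strongest signal; a signed one still needs review.
        severity = "medium" if ev["Signed"] else "high"
        hits.append((str(image), str(dll), severity))
    return hits


if __name__ == "__main__":
    for image, dll, severity in find_sideloads(EVENTS, EXPECTED_DIRS):
        print(f"[{severity}] {image} loaded {dll}")
```

The check keys on where the executable runs from rather than on a file hash, so it still fires when the DLL is rebuilt between versions.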