Ransomware, Malware, Threat Management

New SILKLOADER malware loader gains traction in Russian, Chinese hackers

More Russian and Chinese hacking operations have been leveraging the new SILKLOADER malware loader that facilitates the delivery of Cobalt Strike in compromised machines through DLL side-loading techniques, according to The Hacker News. SILKLOADER was discovered to be used in widespread attacks against organizations in France, Brazil, and Taiwan during the last quarter of 2022, with the activity believed to facilitate other ransomware attacks due to its similarity with the tactics and techniques leveraged by Play ransomware, a WithSecure report showed. "This loader is being provided either directly to ransomware groups or possibly via groups offering Cobalt Strike/Infrastructure-as-a-Service to trusted affiliates. Most of these affiliates appear to have been part of or have had close working relationships with the Conti group, its members, and offspring after its alleged shutdown," said researchers. WithSecure also shed light on the BAILLOADER loader, which also enables Cobalt Strike deployment and resembles the Tron crypter. "As the cybercriminal ecosystem becomes more and more modularized via service offerings, it is no longer possible to attribute attacks to threat groups simply by linking them to specific components within their attacks," said WithSecure.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.