
New cyberespionage attacks set sights on Asian entities

The Hacker News reports that numerous Asian government entities in the finance, defense, and aerospace sectors, as well as state-owned telecommunications, media, and IT companies, have been targeted since early last year in a cyberespionage campaign built on dynamic-link library (DLL) side-loading. According to a report from the Symantec Threat Hunter Team, the attackers abuse outdated versions of legitimate, signed applications that lack DLL side-loading mitigations: the application loads a malicious DLL placed alongside it, and that DLL executes arbitrary shellcode and other payloads used for credential theft and lateral movement. In one attack against an education organization, researchers observed a renamed copy of Mimikatz launched through an 11-year-old version of the Bitdefender Crash Handler. The group behind the campaign has not been identified, but researchers found indications that the ShadowPad malware may have been used in its earlier attacks. "The use of legitimate applications to facilitate DLL side-loading appears to be a growing trend among espionage actors operating in the region. Although a well-known technique, it must be yielding some success for attackers given its current popularity," said researchers.
