An an ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems.
The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy these beacons, the authors write.
The attacks are known to employ modified installers for chat applications to download a .NET malware loader that’s configured to retrieve a second-stage ZIP archive from Alibaba buckets.
The loader is executed through side-loading by legitimate executables which have been infected with malicious DLLs.
The side-loaded DLL files are HUI Loader variants, a custom malware loader commonly used by China-based groups such as APT10, Bronze Starlight, and TA410.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply