This is not the first time that Earth Longzhi has leveraged the BYOVD technique, and its attacks against organizations in East and Southeast Asia and Ukraine date back to November 2022.
According to Trend Micro's research, Earth Longzhi remains active and continues to refine its tactics, techniques, and procedures.
Back in November 2022, Trend Micro researchers Ted Lee and Hara Hiroaki published a detailed analysis of the group's earlier BYOVD activity, in which it loaded the vulnerable RTCore64.sys driver and abused it to terminate security products and block them from running.
In the newer campaign the group also crashes security products without touching them in the kernel: it raises the minimum stack size a target process must commit at start-up (an Image File Execution Options setting that Trend Micro calls "stack rumbling") to a value the process cannot satisfy, so the process hits a stack overflow exception during initialization and terminates before its protection ever starts.
What's more, the vulnerable driver is installed as a kernel-mode service by calling the Service Control Manager's Remote Procedure Call (RPC) interface directly instead of the usual Windows APIs such as CreateService, so user-mode API hooks that security products place on those calls never fire.
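The two tricks above leave host-side traces that a defender can query. The PowerShell below is an added example, not code from the article or from Trend Micro's report. It assumes that the "stack size too large" technique is the Image File Execution Options (IFEO) value MinimumStackCommitInBytes being set absurdly high for a security product's executable, that a 64 MiB cut-off ($StackThreshold) separates legitimate settings from abuse, and that the driver names in $KnownAbusedDrivers are ones you treat as BYOVD indicators (RTCore64.sys comes from the article; anything you add is your own call). The event-log check relies on the fact that the SCM records event 7045 for every service it creates, whether the request arrived through CreateService or through a direct RPC call.

```powershell
# Added example, not code from the article or from Trend Micro's report.
# Run in an elevated PowerShell session.
#
# Assumptions not stated on the page:
#  * the "stack too large" technique is the IFEO value MinimumStackCommitInBytes;
#  * $StackThreshold (64 MiB) is an arbitrary cut-off, tune it for your fleet;
#  * $KnownAbusedDrivers is your own list of BYOVD driver file names.

$IfeoRoot           = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$StackThreshold     = 64MB
$KnownAbusedDrivers = @('rtcore64.sys')

# Check 1: IFEO entries that force a huge minimum stack commit on a process.
function Find-SuspiciousStackCommit {
    Get-ChildItem -Path $IfeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props.MinimumStackCommitInBytes) { return }
        # REG_DWORD is read back as a signed Int32; re-interpret it as unsigned so a
        # value such as 0xFFFFFFFF does not show up as -1 and slip under the threshold.
        $bytes = [uint32]($props.MinimumStackCommitInBytes -band 0xFFFFFFFF)
        if ($bytes -ge $StackThreshold) {
            [pscustomobject]@{
                Image = $_.PSChildName
                Bytes = $bytes
                Key   = $_.Name
            }
        }
    }
}

# Check 2: currently registered kernel-mode driver services.
function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName may carry NT-style prefixes; normalise them.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^(system32|SysWOW64)\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Find-SuspiciousKernelDrivers {
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $name = [IO.Path]::GetFileName($path).ToLowerInvariant()
        $sig  = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $flags = @()
        # A BYOVD driver is usually validly signed, so the name list is the
        # check that actually matters here; the signature check catches sloppier cases.
        if ($KnownAbusedDrivers -contains $name)          { $flags += 'known-abused-name' }
        if ($null -eq $sig -or $sig.Status -ne 'Valid')   { $flags += 'signature-not-valid' }
        if ($flags.Count -gt 0) {
            [pscustomobject]@{
                Service = $_.Name
                Path    = $path
                State   = $_.State
                Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
                Flags   = $flags -join ','
            }
        }
    }
}

# Check 3: SCM event 7045 for kernel-mode driver installs. The SCM logs this for
# every service it creates, so a driver registered over raw RPC still appears here.
function Get-KernelDriverInstallEvents([int]$Days = 30) {
    $filter = @{ LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'kernel mode driver' } |
        ForEach-Object {
            # Assumed property order for 7045: ServiceName, ImagePath, ServiceType, StartType, AccountName
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Service = $_.Properties[0].Value
                Image   = $_.Properties[1].Value
                Account = $_.Properties[4].Value
            }
        }
}

Find-SuspiciousStackCommit    | Format-Table -AutoSize
Find-SuspiciousKernelDrivers  | Format-Table -AutoSize
Get-KernelDriverInstallEvents | Format-Table -AutoSize
```

Two caveats for triage. A vulnerable driver such as RTCore64.sys carries a valid vendor signature, which is the whole point of BYOVD, so the signature check alone will not flag it; keep the name (or better, hash) list current. And because the RPC route only sidesteps user-mode API hooks, the SCM's own 7045 record and the IFEO registry write remain visible, which makes the third check a good anchor for a timeline even when endpoint telemetry on CreateService was blind.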