
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware

November 1, 2022

The Chinese state-sponsored threat actor known as Stone Panda has been observed using a new stealthy infection chain in its attacks aimed at Japanese entities.

Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky.

Stone Panda, also known as APT10, Bronze Riverside, Cicada, and Potassium, is a cyber espionage group known for its intrusions against organizations deemed strategically significant to China. The threat actor is believed to have been active since at least 2009.


The latest set of attacks, observed between March and June 2022, involve the use of a bogus Microsoft Word file and a self-extracting archive (SFX) file in RAR format propagated via spear-phishing emails, leading to the execution of a backdoor called LODEINFO.

While the maldoc requires users to enable macros to activate the kill chain, the June 2022 campaign was found to drop this method in favor of an SFX file that, when executed, displays a harmless decoy Word document to conceal the malicious activities.

The macro, once enabled, drops a ZIP archive containing two files, one of which (“NRTOLF.exe”) is a legitimate executable from the K7Security Suite application that’s subsequently used to load a rogue DLL (“K7SysMn1.dll”) by means of DLL side-loading.

The abuse of the security software aside, Kaspersky said it also discovered in June 2022 a different initial infection method wherein a password-protected Microsoft Word file acted as a conduit to deliver a fileless downloader dubbed DOWNIISSA upon enabling macros.

“The embedded macro generates the DOWNIISSA shellcode and injects it into the current process (WINWORD.exe),” the Russian cybersecurity company said.

DOWNIISSA is configured to communicate with a hard-coded remote server, using it to retrieve an encrypted BLOB payload of LODEINFO, a backdoor capable of executing arbitrary shellcode, taking screenshots, and exfiltrating files back to the server.
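A defender-side hunt for the delivery chain described above (Word dropping an archive, then the legitimate NRTOLF.exe loading K7SysMn1.dll from somewhere other than its install directory), written here as an added example rather than code from the article or from Kaspersky. The Sysmon-style event layout, the K7 install path and the sample events are all assumptions or constructed data; only the file names come from the article.

```python
import json
import ntpath

# Executable/DLL pair named in the article; the install path is an assumed placeholder.
SIDELOAD_PAIRS = {"nrtolf.exe": "k7sysmn1.dll"}
EXPECTED_DIR = {"nrtolf.exe": r"c:\program files\k7 computing"}  # assumption
OFFICE_IMAGES = {"winword.exe"}
DROPPED_EXTS = {".zip", ".exe", ".dll"}

def _base(p): return ntpath.basename(p).lower()
def _dir(p): return ntpath.dirname(p).lower()

def check_event(ev):
    """Return findings for one Sysmon-style event dict (empty list if benign)."""
    findings = []
    img = _base(ev.get("Image", ""))
    if ev.get("EventID") == 7:  # ImageLoad: legit exe pulling its DLL from an odd place
        dll_path = ev.get("ImageLoaded", "")
        if SIDELOAD_PAIRS.get(img) == _base(dll_path):
            if not _dir(dll_path).startswith(EXPECTED_DIR[img]):
                findings.append(f"possible DLL side-loading: {img} loaded {dll_path}")
    elif ev.get("EventID") == 11:  # FileCreate: Office process writing an archive/binary
        target = ev.get("TargetFilename", "")
        if img in OFFICE_IMAGES and ntpath.splitext(target)[1].lower() in DROPPED_EXTS:
            findings.append(f"Office process dropped {target}")
    return findings

def hunt(lines):
    """Parse JSON event lines and return (line_no, finding) tuples."""
    out = []
    for n, line in enumerate(lines, 1):
        for f in check_event(json.loads(line)):
            out.append((n, f))
    return out

# Constructed sample events (not real telemetry): two hits, two benign records.
SAMPLE = [
    json.dumps({"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "TargetFilename": r"C:\Users\u\AppData\Local\Temp\stage.zip"}),
    json.dumps({"EventID": 7, "Image": r"C:\Users\u\AppData\Local\Temp\NRTOLF.exe",
                "ImageLoaded": r"C:\Users\u\AppData\Local\Temp\K7SysMn1.dll"}),
    json.dumps({"EventID": 7, "Image": r"C:\Program Files\K7 Computing\NRTOLF.exe",
                "ImageLoaded": r"C:\Program Files\K7 Computing\K7SysMn1.dll"}),
    json.dumps({"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "TargetFilename": r"C:\Users\u\Documents\report.docx"}),
]

if __name__ == "__main__":
    for n, f in hunt(SAMPLE):
        print(n, f)
```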


The malware, first seen in 2019, has undergone several enhancements, with Kaspersky identifying six distinct versions in March, April, June, and September 2022.

The changes include improved evasion techniques to fly under the radar, halting execution on machines with the locale “en_US,” revising the list of supported commands, and extending support for Intel 64-bit architecture.

“LODEINFO malware is updated quite frequently and continues to actively target Japanese organizations,” the researchers concluded.

“The updated TTPs and improvements in LODEINFO and related malware […] indicate that the attacker is particularly focused on making detection, analysis and investigation harder for security researchers.”



Some elements of this article are sourced from: thehackernews.com

