
Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries

October 10, 2023

A previously undocumented threat actor of unknown provenance has been linked to a series of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan.

The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name Grayling. Evidence shows that the campaign began in February 2023 and continued until at least May 2023.

Also likely targeted as part of the activity is a government agency located in the Pacific Islands, as well as entities in Vietnam and the U.S.


“This activity stood out due to Grayling's use of a distinctive DLL side-loading technique that uses a custom decryptor to deploy payloads,” the company said in a report shared with The Hacker News. “The motivation behind this activity appears to be intelligence gathering.”

The initial foothold into victim environments is said to have been achieved by exploiting public-facing infrastructure, followed by the deployment of web shells for persistent access.

The attack chains then leverage DLL side-loading via SbieDll_Hook to load a variety of payloads, including Cobalt Strike, NetSpy, and the Havoc framework, along with other tools such as Mimikatz. Grayling has also been observed killing all processes listed in a file named processlist.txt.

DLL side-loading is a popular technique used by a variety of threat actors to get around security solutions and trick the Windows operating system into executing malicious code on the target endpoint.

This is typically accomplished by placing a malicious DLL with the same name as a legitimate DLL used by an application in a location where it will be loaded before the real DLL, taking advantage of the DLL search order mechanism.
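One way a defender can hunt for the search-order abuse just described, as an added example that is not part of the article or Symantec's report: scan image-load telemetry for a DLL whose file name collides with a DLL that normally lives only in a Windows system directory but was loaded from somewhere else. The event shape, the baseline DLL list and the sample records are all constructed here.

```python
import ntpath

# Constructed sample of image-load records in the shape a Sysmon Event ID 7
# (Image Load) forwarder might emit. These are not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": True},
    {"Image": r"C:\Users\Public\updater\app.exe",
     "ImageLoaded": r"C:\Users\Public\updater\version.dll", "Signed": False},
    {"Image": r"C:\Program Files\Vendor\tool.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorplugin.dll", "Signed": True},
]

# Short constructed baseline of DLL names expected only under the system
# directories. A real baseline would be inventoried from a clean host.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "msvcr100.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def is_system_dir(path):
    """True when the file's directory is one of the Windows system directories."""
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def find_sideload_candidates(events, system_dll_names=SYSTEM_DLL_NAMES):
    """Return image-load events where a DLL carrying a system DLL's name was
    loaded from outside the system directories, i.e. a same-named DLL that was
    found earlier in the search order than the genuine one."""
    hits = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        name = ntpath.basename(loaded).lower()
        if name not in system_dll_names or is_system_dir(loaded):
            continue
        reasons = ["system DLL name loaded from non-system directory"]
        # Co-location with the process image is the classic side-loading layout.
        if ntpath.dirname(loaded).lower() == ntpath.dirname(ev["Image"]).lower():
            reasons.append("DLL sits beside the loading executable")
        if not ev.get("Signed", False):
            reasons.append("unsigned")
        hits.append({"process": ev["Image"], "dll": loaded, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_sideload_candidates(SAMPLE_EVENTS):
        print(hit["process"], "->", hit["dll"], "|", "; ".join(hit["reasons"]))
```

Only the second record is flagged: version.dll loaded from the application's own folder, unsigned; the genuine System32 load and the vendor-specific plugin are left alone.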


“The attackers take a number of steps once they gain initial access to victims' computers, including escalating privileges, network scanning, and using downloaders,” Symantec said.

The use of DLL side-loading with respect to SbieDll_Hook and SandboxieBITS.exe was previously observed in the case of Naikon APT in attacks targeting military organizations in Southeast Asia.

There is no evidence to suggest that the adversary has engaged in any kind of data exfiltration to date, suggesting the motives are geared more toward reconnaissance and intelligence gathering.

The use of publicly available tools is seen as an attempt to complicate attribution efforts, while process termination suggests detection evasion is a priority for staying under the radar for extended periods of time.

“The heavy targeting of Taiwanese organizations does indicate that they likely operate from a region with a strategic interest in Taiwan,” the company added.



Some elements of this posting are sourced from:
thehackernews.com
