A new Chinese advanced persistent threat (APT) group making the rounds performs DLL side-loading attacks whose samples include the phrase “KilllSomeOne.”
According to Sophos researcher Gabor Szappanos, the group — suspected to be of Chinese origin — is targeting corporate organizations in Myanmar using poorly written English messages relating to political subjects.
Side-loading uses DLL spoofing to abuse legitimate Windows processes and execute malicious code. The technique itself is nothing new, but Sophos said in a blog post on Wednesday that this APT combines four separate types of side-loading attack when carrying out targeted campaigns.
Each attack type is connected by the same program database (PDB) path, and some of the samples recorded and connected to the cybercriminals contain the folder name “KilllSomeOne.”
“Two of these delivered a payload carrying a simple shell, while the other two carried a more complex set of malware,” Sophos says. “Combinations