silversurfer
Actors of the APT41 group have been observed by researchers at Trend Micro in a new campaign targeting India, Indonesia, Malaysia, Taiwan, Vietnam, and the Philippines. The sophisticated hackers are using novel shellcode loaders such as ‘StealthVector’ and ‘StealthMutant’, and a new backdoor dubbed ‘ScrambleCross’.
As the technical report reveals, the campaign goes as far back as July 2020, but APT41 has been updating its exploit methods and toolset along the way. The only tool that has remained stable since November 2018 is Cobalt Strike, the widely abused threat emulation software.
The attack vectors are the following:
- SQL injection through a script into the MS SQL Server
- Exploitation of the CVE-2021-26855 (MS Exchange Server ProxyLogon) to upload a malicious web shell
- Addition of the “InstallUtil.exe” installer app into the scheduled tasks
Source: APT41 Now Targeting Southeast Asian Entities With New Shellcode Loaders and Backdoors (www.technadu.com)
APT41 has been spotted using a new toolset against targets in the Southeast Asia region, exploiting a ProxyLogon vulnerability.