Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue

silversurfer

Researchers are scratching their heads when it comes to unmasking a new advanced persistent threat (APT) group targeting non-governmental organizations in the Southeast Asian nation Myanmar (formerly Burma).
Based on crude messages, such as “KilllSomeOne”, used in attack code strings, coupled with advanced deployment and targeting techniques, they say the APT has a split personality.

“The messages hidden in their samples [malware] are on the level of script kiddies. On the other hand, the targeting and deployment is that of a serious APT group,” wrote Gabor Szappanos, author of a Sophos technical brief, posted Wednesday, outlining what is known about the APT.
Szappanos wrote that the gang relies primarily on a cyberattack technique known as DLL side-loading. This preferred method of attack gained popularity in China in 2013. That fact, coupled with ongoing border tensions between ethnic Chinese rebels and the Myanmar military, suggests that the gang is a Chinese APT, researchers believe.
“While the [DLL side-loading] is far from new—we first saw it used by (mostly Chinese) APT groups as early as 2013, before cybercrime groups started to add it to their arsenal—this particular payload was not one we’ve seen before,” Szappanos wrote.
Four distinct DLL side-loading scenarios deliver either a shell payload (allowing an adversary to run commands on targeted systems) or plant a “complex set of malware” on systems, researchers said.