Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants


Oct 12, 2023NewsroomCyber Attack / Malware




High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware.


Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targets include organizations located in Vietnam, Uzbekistan, Pakistan, and Kazakhstan.


"The simplistic nature of the tools [...] and their wide variation suggests they are disposable, mostly utilized to download and run additional payloads," it said in a report published Wednesday. "These tools share no clear code overlaps with products created by any known actors and do not have much in common with each other."





What's notable about the campaign is that the infrastructure shares overlaps with that used by ToddyCat, a China-linked threat actor known for orchestrating cyber assaults against government and military agencies in Europe and Asia since at least December 2020.


Attack chains commence with a spear-phishing email that contains a ZIP file attachment with a legitimate executable that leverages DLL side-loading to load a backdoor called CurKeep by means of a rogue DLL dal_keepalives.dll ..
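As an added illustration (not code from Check Point's report or from this article), the following triage check flags ZIP attachments in which an executable and a DLL are staged in the same folder, the layout that DLL side-loading depends on. File types are decided from PE headers rather than extensions; every file name in the sample except dal_keepalives.dll is a constructed placeholder, and the sample files are header-only stubs.

```python
import io
import struct
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set on DLLs


def pe_kind(data: bytes):
    """Return 'dll', 'exe' or None, decided from PE headers, not the file name."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def sideload_candidates(zip_bytes: bytes):
    """Map each archive folder holding both an EXE and a DLL to those members."""
    by_dir = defaultdict(lambda: {"exe": [], "dll": []})
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                kind = pe_kind(fh.read(4096))  # headers only; bounds decompression
            if kind:
                folder = str(PurePosixPath(info.filename).parent)
                by_dir[folder][kind].append(info.filename)
    return {d: m for d, m in by_dir.items() if m["exe"] and m["dll"]}


def _fake_pe(is_dll: bool) -> bytes:
    """Constructed header-only stub: enough bytes for pe_kind(), not a real binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, 0x2002 if is_dll else 0x0002)
    return dos + b"PE\0\0" + coff


def build_sample_zip() -> bytes:
    """Constructed attachment; only dal_keepalives.dll is a name from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/viewer.exe", _fake_pe(False))  # placeholder host EXE
        zf.writestr("report/dal_keepalives.dll", _fake_pe(True))
        zf.writestr("report/readme.txt", b"constructed sample")
        zf.writestr("tools/solo.exe", _fake_pe(False))  # EXE alone: not flagged
    return buf.getvalue()
```

Legitimate software also ships executables next to DLLs, so a hit is a reason to inspect an emailed archive more closely, not a verdict on its own.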
