#dll-side-loading

[ follow ]
#spear-phishing #mustang-panda #cybersecurity #malware #threat-intelligence #social-engineering
Information security
fromThe Hacker News
5 days ago

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A new threat cluster UAT-10362 targets Taiwanese NGOs and universities with Lua-based malware LucidRook via spear-phishing campaigns.
Information security
fromSecuritymagazine
1 month ago

The Great Security Culture Shift: Building a Proactive Defense in an Era of Advanced Threats and Social Engineering

Hackers exploit DLL side-loading on trusted platforms like LinkedIn to deliver malware through seemingly legitimate file attachments, bypassing traditional security defenses and compromising entire corporate networks.
Information security
fromThe Hacker News
1 month ago

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

A new threat group UAT-10027 targets U.S. education and healthcare sectors with Dohdoor, a DNS-over-HTTPS backdoor enabling stealthy command-and-control communications and secondary payload execution.
Information security
fromThe Hacker News
2 months ago

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Mustang Panda uses an updated COOLCLIENT backdoor in 2025 to steal comprehensive data from infected endpoints, deployed alongside PlugX and LuminousMoth.
Information security
fromTechzine Global
2 months ago

New Windows backdoor emerges in ransomware attack

PDFSider is a stealthy Windows backdoor deployed via social engineering and DLL side-loading to provide persistent, encrypted access and data exfiltration over DNS.
Information security
fromThe Hacker News
2 months ago

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

A Chinese state-sponsored group used politically themed lures and DLL side-loading to deploy the LOTUSLITE backdoor against U.S. government and policy entities.
Information security
fromThe Hacker News
2 months ago

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Malware campaign exploits DLL side-loading in GitKraken's ahost.exe by pairing a malicious libcares-2.dll to bypass signatures and deliver multiple trojans and stealers.
Information security
fromThe Hacker News
3 months ago

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

UAC-0184 uses Viber to distribute malicious ZIPs containing LNK files that deploy Hijack Loader and enable Remcos RAT intrusions against Ukrainian military and government targets.
fromThe Hacker News
4 months ago

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for security teams," ReliaQuest said in a report shared with The Hacker News.
Information security
Information security
fromTechzine Global
5 months ago

EU diplomats targeted by Chinese attackers via Windows exploit

UNC6384 (Mustang Panda) targeted European diplomatic and defense entities using ZDI-CAN-25373 .lnk exploits to deploy PlugX RAT via DLL side-loading.
fromThe Hacker News
5 months ago

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Salt Typhoon, also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC5807, is the name given to an advanced persistent threat actor with ties to China. Known to be active since 2019, the group gained prominence last year following its attacks on telecommunications services providers, energy networks, and government systems in the U.S. The adversary has a track record of exploiting security flaws in edge devices, maintaining deep persistence, and exfiltrating sensitive data from victims in more than 80 countries across
Information security
Information security
fromThe Hacker News
6 months ago

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

China-aligned UTA0388 conducts multilingual, tailored spear-phishing campaigns delivering Go-based GOVERSHELL backdoor via DLL side-loading to targets across North America, Asia, and Europe.
Information security
fromThe Hacker News
6 months ago

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

Confucius targeted Pakistan using spear-phishing and malicious files to deploy WooperStealer and the Python backdoor Anondoor via DLL side-loading.
Information security
fromThe Hacker News
7 months ago

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

APT28 deployed an Outlook VBA backdoor called NotDoor that monitors emails for a trigger to exfiltrate data, upload files, execute commands, and persist via DLL side-loading.
fromThe Hacker News
7 months ago

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families distributed using QuirkyLoader include Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT, Rhadamanthys Stealer, and Snake Keylogger. IBM X-Force, which detailed the malware, said the attacks involve sending spam emails from both legitimate email service providers and a self-hosted email server.
Information security
[ Load more ]