APT10 uses LOADINFO malware to attack Japanese Organizations
The Chinese Cicada hacking group, known as APT10, was found exploiting security software to deploy a new variant of the LODEINFO malware against Japanese companies.
The victim organizations include media groups, government, and public sector organizations, think tanks, and diplomatic agencies in Japan, all lucrative targets for cyberespionage.
As per Kaspersky analysts who have been keeping tabs on APT10’s operations in Japan since 2019, the malicious actors are continuously advancing their exploitation techniques and custom backdoor, ‘LODEINFO,’ to make it difficult for experts to detect.
Kaspersky published two reports, one showing APT10’s exploit chain tactics and the second highlighting the evolution of LODEINFO.
Exploiting security software
The hunt started in March 2022, Kaspersky found that APT10 cyberattacks in Japan started using a new infection vector, consisting of a spear-phishing mail, a self-extracting (SFX) RAR file, and exploiting a DLL side-loading vulnerability in security software.
The RAR archive consists of the legitimate K7S
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: