Hackers associated with the Chinese military are leveraging a wide range of legitimate software packages in order to load their malware payloads and target government leaders across Asia, according to the Symantec Threat Hunter team.
The attacks involve a widely used technique known as Dynamic-link library (DLL) side-loading. The tactic abuses the order in which Windows searches for a DLL that an application asks for by name: the attacker drops a malicious DLL with the expected file name next to a legitimate, usually signed, executable, so that when the executable runs it loads the attacker's copy from its own directory before Windows ever looks for the real file in the system directory. Because the process that ends up running the malicious code is a trusted, signed application, the loaded payload is less likely to be blocked or noticed than a standalone malicious executable would be.
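The search-order behaviour described above is also what defenders hunt for. The script below is an added example, not code from The Record article or from Symantec's report: it runs over constructed Sysmon Event ID 7 (ImageLoad) records and flags a DLL that carries the name of a Windows system DLL but was loaded from the same directory as the executable that loaded it. The Sysmon field names (Image, ImageLoaded, Signed) are the real Event ID 7 fields; the list of DLL names expected to come from System32 is an illustrative subset, not a complete one, and the sample events are made up.

```python
"""Hunt for DLL side-loading candidates in Sysmon Event ID 7 (ImageLoad) records.

Added example, not part of the article or of Symantec's published research.
Assumptions: events are dicts keyed by the Sysmon Event ID 7 field names, and
SYSTEM_DLLS is an illustrative list of DLLs a healthy host loads from System32.
"""
from pathlib import PureWindowsPath

# Names a healthy Windows host loads from %SystemRoot%\System32 (or SysWOW64 /
# WinSxS). A file with one of these names sitting next to an application and
# being loaded from there is the classic side-loading pattern. Illustrative only.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll", "comctl32.dll"}

# Directories from which these DLLs are legitimately loaded (lower-cased).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def normalize(path: str) -> PureWindowsPath:
    """Lower-case a Windows path so comparisons are case-insensitive like NTFS."""
    return PureWindowsPath(path.lower())


def in_system_dir(path: str) -> bool:
    """True when the file lives under one of the legitimate system directories."""
    s = str(normalize(path))
    return any(s.startswith(d + "\\") for d in SYSTEM_DIRS)


def classify(event: dict):
    """Return a short reason string if the ImageLoad event looks like side-loading, else None."""
    exe = normalize(event["Image"])
    dll = normalize(event["ImageLoaded"])
    if dll.name not in SYSTEM_DLLS:
        return None                      # not a system DLL name, outside this hunt
    if in_system_dir(event["ImageLoaded"]):
        return None                      # loaded from where it is supposed to be
    if dll.parent != exe.parent:
        return None                      # search-order abuse needs the DLL beside the EXE
    # The loader checked the application directory first and found an impostor.
    signed = str(event.get("Signed", "false")).lower() == "true"
    return "system DLL name loaded from application directory" + (
        "" if signed else "; DLL is unsigned"
    )


def hunt(events):
    """Return (Image, ImageLoaded, reason) for every event classify() flags."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append((ev["Image"], ev["ImageLoaded"], reason))
    return hits


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {   # normal: signed app loads version.dll from System32
        "Image": r"C:\Program Files\Vendor\app.exe",
        "ImageLoaded": r"C:\Windows\System32\version.dll",
        "Signed": "true",
    },
    {   # side-loading: same app copied to a writable folder with an unsigned version.dll beside it
        "Image": r"C:\Users\Public\Updates\app.exe",
        "ImageLoaded": r"C:\Users\Public\Updates\VERSION.dll",
        "Signed": "false",
    },
    {   # benign: the app's own vendor DLL, name not in the system list
        "Image": r"C:\Program Files\Vendor\app.exe",
        "ImageLoaded": r"C:\Program Files\Vendor\vendorcore.dll",
        "Signed": "true",
    },
    {   # benign: comctl32.dll resolved through a WinSxS assembly directory
        "Image": r"C:\Program Files\Vendor\app.exe",
        "ImageLoaded": r"C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll",
        "Signed": "true",
    },
]

if __name__ == "__main__":
    for image, dll, reason in hunt(SAMPLE_EVENTS):
        print(f"{image} loaded {dll}: {reason}")
```

On a real host the same check would run over the Sysmon operational log rather than the inline list; the point of the directory comparison is that a DLL with a system name belongs in a system directory, and finding it next to the executable that loaded it is the search-order abuse the article describes. Extending the check with the `Signature` and `SignatureStatus` fields (to require that the EXE be signed by one vendor while the DLL is unsigned or signed by another) sharpens it further.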
The Symantec Threat Hunter team said the campaign targeted a range of government and state-owned organizations in several Asian countries, including the offices of multiple prime ministers or heads of government.
Government organizations tied to finance, aerospace and defense companies were also targeted alongside state-owned telecoms, IT organizations and media companies.
Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter team, told The Record that what stood out most to him was how frequently they see this group use DLL side-loading in their attacks.