Revamped DLL side-load attack hits Myanmar

Sophos reckons Chinese gangs are behind attack it's charmingly chosen to name 'KilllSomeOne'


Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar.

The attack, which Sophos has given the charming moniker "KilllSomeOne", is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration.
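As an added example (not the article's or Sophos's code), one way a defender can hunt for the pattern described above: a Python check over Sysmon-style image-load records that flags a DLL carrying a well-known system DLL name but loaded from the executable's own folder rather than a system directory. The record shape, the system-directory allow-list and the DLL name list are assumptions made for the example.

```python
# Added example: flag DLL side-loading candidates in Sysmon-style image-load records.
# Not from the article or Sophos; record format, directory list and DLL list are assumptions.
from pathlib import PureWindowsPath

# Assumed allow-list of directories from which well-known system DLLs should load.
SYSTEM_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}

# A few well-known system DLL names; a real deployment would use a fuller inventory.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll"}


def is_sideload_candidate(image: str, loaded_dll: str) -> bool:
    """Return True when a DLL bearing a system DLL's name is loaded from outside the
    system directories and from the same folder as the executable that loaded it,
    which is the side-loading pattern the article describes."""
    dll = PureWindowsPath(loaded_dll)
    exe = PureWindowsPath(image)
    if dll.name.lower() not in KNOWN_SYSTEM_DLLS:
        return False
    dll_dir = str(dll.parent).lower()
    if dll_dir in SYSTEM_DIRS:
        return False  # loaded from where a system DLL is expected to live
    return dll_dir == str(exe.parent).lower()


# Constructed sample records in the shape of Sysmon Event ID 7 (Image, ImageLoaded).
SAMPLE_RECORDS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": r"C:\Users\Public\updater\legit.exe",
     "ImageLoaded": r"C:\Users\Public\updater\version.dll"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorlib.dll"},
]


def find_sideload_candidates(records):
    """Return the (Image, ImageLoaded) pairs that match the side-loading pattern."""
    return [(r["Image"], r["ImageLoaded"]) for r in records
            if is_sideload_candidate(r["Image"], r["ImageLoaded"])]


if __name__ == "__main__":
    for image, dll in find_sideload_candidates(SAMPLE_RECORDS):
        print(f"side-load candidate: {image} loaded {dll}")
```

Only the second constructed record is flagged: a system DLL name loaded from a user-writable folder next to the executable that loaded it.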

Sophos said it's seen the tactic since at least 2013, initially in the hands of Chinese APT gangs. But this iteration carries a new payload that "stands out because the threat actors used several plaintext strings written in poor English with politically inspired messages in their samples."

The security vendor rated the attack as a "different spin" on previous DLL side-loading attacks, and therefore worth knowing about for anyone trying to stay on top of such threats.

Sophos further suggested the attackers have used the kind of targeting and deployment tactics typical of a sophisticated group, but the kind of simple code, weak crypto and hidden messages that bespeak the actions of script kiddies.

But the company did not address why a Chinese gang would go to the trouble of tweaking an attack to hassle institutions in Myanmar, a nation only recently emerged from years of rule by a military junta and ranked as the planet's 67th or 68th largest economy.

One possible motive is the usual desire to acquire passwords to bank accounts and other easy routes to cash.

Another, if one subscribes to the theory that Chinese APT groups are state-sponsored, is that China wishes to express some displeasure at Myanmar's recent acceptance of the gift of a working submarine from India. One of the reasons China courts Myanmar is that the latter nation has a coast on the Bay of Bengal. China is dependent on oil shipments traversing that body of water, so would not be thrilled that Myanmar has tooled up in ways that could make it harder to defend its interests in the region.

However, Myanmar has also recently backed China's change of legal arrangements in Hong Kong and forged closer economic ties, making a little unattributable cyber-action against non-government targets perhaps a way to send a subtle message. ®
