
Revamped DLL side-load attack hits Myanmar

Sophos reckons Chinese gangs are behind attack it's charmingly chosen to name 'KilllSomeOne'


Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar.

The attack, which Sophos has given the charming moniker "KilllSomeOne", is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration.

Sophos said it's seen the tactic since at least 2013, initially in the hands of Chinese APT gangs. But this iteration carries a new payload that "stands out because the threat actors used several plaintext strings written in poor English with politically inspired messages in their samples."

The security vendor rated the attack as a "different spin" on previous DLL side-loading attacks, and therefore worth knowing about for anyone trying to stay on top of such threats.


Sophos further suggested the attackers have used the kind of targeting and deployment tactics typical of a sophisticated group, but the kind of simple code, weak crypto and hidden messages that bespeak the actions of script kiddies.

But the company did not address why a Chinese gang would go to the trouble of tweaking an attack to hassle institutions in Myanmar, a nation only recently emerged from years of rule by a military junta and ranked as the planet's 67th or 68th largest economy.

One possible motive is the usual desire to acquire passwords to bank accounts and other easy routes to cash.

Another, if one subscribes to the theory that Chinese APT groups are state-sponsored, is that China wishes to express some displeasure at Myanmar's recent acceptance of the gift of a working submarine from India. One of the reasons China courts Myanmar is that the latter nation has a coast on the Bay of Bengal. China is dependent on oil shipments traversing that body of water, so would not be thrilled that Myanmar has tooled up in ways that could make it harder to defend its interests in the region.

However, Myanmar has also recently backed China's change of legal arrangements in Hong Kong and forged closer economic ties, making a little unattributable cyber-action against non-government targets perhaps a way to send a subtle message. ®

