Revamped DLL side-load attack hits Myanmar
Sophos reckons Chinese gangs are behind attack it's charmingly chosen to name 'KilllSomeOne'
Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar.
The attack, which Sophos has given the charming moniker "KilllSomeOne", is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration.
Sophos said it's seen the tactic since at least 2013, initially in the hands of Chinese APT gangs. But this iteration carries a new payload that "stands out because the threat actors used several plaintext strings written in poor English with politically inspired messages in their samples."
The security vendor rated the attack as a "different spin" on previous DLL side-loading attacks so worth knowing about to stay on top of such threats.
Sophos further suggested the attackers have used the kind of targeting and deployment tactics typical of a sophisticated group, but the kind of simple code, weak crypto and hidden messages that bespeak the actions of script kiddies.
But the company did not address why a Chinese gang would go to the trouble of tweaking an attack to hassle institutions in Myanmar, a nation only recently emerged from years of rule by a military junta and ranked as the planet's 67th or 68th largest economy.
One possible motive is the usual desire to acquire passwords to bank accounts and other easy routes to cash.
Another, if one subscribes to the theory that Chinese APT groups are state-sponsored, is that China wishes to express some displeasure at Myanmar's recent acceptance of the gift of a working submarine from India. One of the reasons China courts Myanmar is that the latter nation has a coast on the Bay of Bengal. China is dependent on oil shipments traversing that body of water, so would not be thrilled that Myanmar has tooled up in ways that could make it harder to defend its interests in the region.
However, Myanmar has also recently backed China's change of legal arrangements in Hong Kong and forged closer economic ties, making a little unattributable cyber-action against non-government targets perhaps a way to send a subtle message. ®