Security

Revamped DLL side-load attack hits Myanmar

Sophos reckons Chinese gangs are behind attack it's charmingly chosen to name 'KilllSomeOne'


Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar.

The attack, which Sophos has given the charming moniker "KilllSomeOne", is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration.

Sophos said it's seen the tactic since at least 2013, initially in the hands of Chinese APT gangs. But this iteration carries a new payload that "stands out because the threat actors used several plaintext strings written in poor English with politically inspired messages in their samples."

The security vendor rated the attack as a "different spin" on previous DLL side-loading attacks so worth knowing about to stay on top of such threats.

Internet blackout of Myanmar States that are home to ethnic minorities enters second year

READ MORE

Sophos further suggested the attackers have used the kind of targeting and deployment tactics typical of a sophisticated group, but the kind of simple code, weak crypto and hidden messages that bespeak the actions of script kiddies.

But the company did not address why a Chinese gang would go to the trouble of tweaking an attack to hassle institutions in Myanmar, a nation only recently emerged from years of rule by a military junta and ranked as the planet's 67th or 68th largest economy.

One possible motive is the usual desire to acquire passwords to bank accounts and other easy routes to cash.

Another, if one subscribes to the theory that Chinese APT groups are state-sponsored, is that China wishes to express some displeasure at Myanmar's recent acceptance of the gift of a working submarine from India. One of the reasons China courts Myanmar is that the latter nation has a coast on the Bay of Bengal. China is dependent on oil shipments traversing that body of water, so would not be thrilled that Myanmar has tooled up in ways that could make it harder to defend its interests in the region.

However, Myanmar has also recently backed China's change of legal arrangements in Hong Kong and forged closer economic ties, making a little unattributable cyber-action against non-government targets perhaps a way to send a subtle message. ®

Send us news
Post a comment

China could be doing better at censorship, think tank finds

Complex overlapping bureaucracy sometimes lacks the funds and skills to do it right

How did China get so good at chips and AI? Congressional investigation blames American venture capitalists

Capitalism made communism stronger

Where there's a will, there's a way to get US chips into China

Buy 'em, rent 'em, smuggle 'em – export restrictions don't cover illegitimate means

India weighs 18 bids to build subsidized local chip factories

PLUS: Rideshare mega-merger mooted; France raids Huawei; Mongolia plans first satellite

Someone had to say it: Scientists propose AI apocalypse kill switches

Better visibility and performance caps would be good for regulation too

Chinese Coathanger malware hung out to dry by Dutch defense department

Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions

North Korea running malware-laden gambling websites as-a-service

$5k a month for the site. $3k for tech support. Infection with malware and funding a despot? Priceless

China's Volt Typhoon spies broke into emergency network of 'large' US city

Jeez, not now, Xi. Can't you see we've got an election and Ukraine and Gaza and cost of living and layoffs and ...

US says China's Volt Typhoon is readying destructive cyberattacks

12 international govt agencies sound the alarm, critical infrastructure at the heart of threats

Crime gang targeted jobseekers across Asia, looted two million email addresses

That listing for a gig that looked too good to be true may have been carrying SQL injection code

Alibaba Cloud posts modest growth, mostly thanks to other Alibaba business units

Customers from beyond the Chinese giant are being let go if they've signed for low-margin contracts

Volt Typhoon not the only Chinese crew lurking in US energy, critical networks

Presumably American TLAs are all over Beijing's infrastructure, too ... right?