Stealthy Grayling hackers launch cyberstrike on Taiwanese institutions

Carding 4 Carders

An unknown group is attacking biomedical corporations, but what is its motive?

A hitherto unknown hacker group is behind a series of attacks targeting manufacturing, IT, and biomedical organizations in Taiwan.

A team of researchers from Symantec attributed these attacks to an APT group called Grayling. According to experts, the malicious campaign began in February of this year and lasted at least until May.

In addition to Taiwanese organizations, government agencies located in the Pacific Islands, as well as organizations in Vietnam and the United States, were also likely targets for this activity.

A distinctive feature of this activity was Grayling's use of a DLL sideloading technique that relies on a custom decryptor to deploy payloads. "The motivation driving this activity appears to be intelligence gathering," the Symantec report notes.

As the initial point of compromise, the researchers cite the exploitation of public-facing infrastructure, followed by the deployment of web shells for persistent access.

The attack chains rely on DLL sideloading via SbieDll_Hook to load tools such as Cobalt Strike, NetSpy, and the Havoc framework, along with additional tools like Mimikatz.

DLL sideloading is a popular method used by various threat actors to bypass security solutions and trick the Windows operating system into executing malicious code on the target endpoint: a legitimate, often signed, executable is made to load an attacker-supplied DLL placed where the loader looks first.
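The defensive counterpart to the technique described above is to watch image-load telemetry for a DLL that sits side by side with its host executable, is unsigned, and lives in a user-writable directory. The script below is an added example written for this page, not code from Symantec or from the Grayling report; it scores constructed events shaped like Sysmon Event ID 7 (Image loaded) records. The paths in the sample data are illustrations, and SbieDll.dll is assumed to be the Sandboxie library that exports the SbieDll_Hook function named in the article.

```python
"""Score Sysmon-style image-load events for DLL sideloading indicators.

Added example for this page; not code from Symantec or the Grayling report.
"""
import ntpath

# Constructed sample events modelled on Sysmon Event ID 7 fields.
# Paths are illustrative; they are not indicators taken from the report.
SAMPLE_EVENTS = [
    {   # Legitimate Sandboxie install: side-by-side load, but signed and in Program Files
        "Image": r"C:\Program Files\Sandboxie\SandboxieBITS.exe",
        "ImageLoaded": r"C:\Program Files\Sandboxie\SbieDll.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {   # Hypothetical sideload: same pair copied to a user-writable folder with an unsigned DLL
        "Image": r"C:\Users\Public\Libraries\SandboxieBITS.exe",
        "ImageLoaded": r"C:\Users\Public\Libraries\SbieDll.dll",
        "Signed": "false", "SignatureStatus": "Unavailable",
    },
    {   # Normal OS activity: system binary loading a system DLL from System32
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
]

# Directories an unprivileged user can normally write to (assumed, non-exhaustive list).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
WINDOWS_DIR_PREFIX = "c:\\windows\\"


def score_event(event):
    """Return (score, reasons) for one image-load event.

    Each reason is one independent sideloading indicator; the score is their count.
    """
    exe = ntpath.normcase(event["Image"])          # lower-case, backslash-normalised
    dll = ntpath.normcase(event["ImageLoaded"])
    reasons = []

    # Side-by-side load: DLL in the same directory as the host process. Ignore the
    # Windows directory, where system binaries legitimately load neighbouring DLLs.
    if (ntpath.dirname(exe) == ntpath.dirname(dll)
            and not dll.startswith(WINDOWS_DIR_PREFIX)):
        reasons.append("dll loaded side-by-side with host executable")

    # Sysmon's Signed field describes the loaded image, not the host process.
    if event.get("Signed", "").lower() != "true":
        reasons.append("loaded dll is unsigned")

    if dll.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("dll lives in a user-writable directory")

    return len(reasons), reasons


def find_sideload_suspects(events, threshold=3):
    """Return (host image, loaded dll, reasons) for events reaching the threshold."""
    suspects = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            suspects.append((event["Image"], event["ImageLoaded"], reasons))
    return suspects


if __name__ == "__main__":
    for image, dll, reasons in find_sideload_suspects(SAMPLE_EVENTS):
        print(f"SUSPECT {image} -> {dll}: {'; '.join(reasons)}")
```

The threshold of three indicators keeps the legitimate Sandboxie install (a signed DLL loaded side by side under Program Files) out of the alert list while the copy planted in a user-writable directory is flagged; in production the same scoring would run over real Event ID 7 records and should be tuned against an allow-list of software known to ship its own DLLs.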

"After gaining initial access to the victims' computers, attackers take various actions, including elevating privileges, scanning the network, and using boot loaders," Symantec said.

It is worth noting that DLL sideloading involving SbieDll_Hook and SandboxieBITS.exe was previously observed in attacks by the Naikon APT group on military organizations in Southeast Asia. However, no overlap was found between Grayling and Naikon.

To date, there is no evidence that Grayling hackers exchanged or sold information obtained during their operation. Experts suggest that the group's motives are focused on gathering intelligence.

Researchers view the use of publicly available tools as an attempt to complicate attribution, while the termination of system processes indicates that evading detection, and remaining undetected for as long as possible, is a priority for the group.

"The heavy focus on Taiwanese organizations indicates that Grayling is likely operating from a region with a strategic interest in Taiwan," Symantec added.