Cybersecurity researchers at Trend Micro have discovered a new campaign by Earth Longzhi targeting organizations based in Taiwan, Thailand, the Philippines, and Fiji.
As described in an advisory published Tuesday, the campaign relies on a Windows Defender executable to sideload DLLs while using the bring-your-own-vulnerable-driver (BYOVD) method to disable security products installed on the host machine.
“We also learned that Earth Longzhi used a new method of disabling security products. This technique is called ‘stack rumbling’,” Trend Micro researchers Ted Lee and Hara Hiroaki explained.
The researchers also observed the attackers installing drivers as kernel-level services via Microsoft Remote Procedure Calls (RPC) instead of leveraging the traditional Windows APIs (Application Programming Interfaces).
“This is a clever way to circumvent typical API monitoring. Our research not only identified potential targets for Earth Longzhi, but also uncovered information on techniques that may be used in future campaigns. We also found some interesting samples.”
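Registering a driver through RPC rather than the CreateService API sidesteps user-mode API hooks, but the Service Control Manager still records the install as Event ID 7045 in the System log. The following detection script is an added example, not code from the Trend Micro report or the article: it parses constructed 7045 message bodies and flags kernel-mode drivers loaded from outside the normal driver directories, the pattern a BYOVD load tends to leave. Service names, paths and the message layout are assumptions for illustration.

```python
"""Flag kernel-driver installs that look like BYOVD loads (Windows System log, Event ID 7045).
The SCM logs 7045 whether the caller used the CreateService API or spoke RPC to the SCM
directly, so driver installs that bypass user-mode API hooks still leave this record."""
import re
from dataclasses import dataclass

TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\driverstore\\")
FIELD_RE = re.compile(r"^(Service Name|Service File Name|Service Type):\s*(.*)$", re.M)

@dataclass
class ServiceInstall:
    service_name: str
    image_path: str
    service_type: str

def parse_7045(message: str) -> ServiceInstall:
    """Parse the 'key: value' message body of a 7045 event."""
    f = dict(FIELD_RE.findall(message))
    return ServiceInstall(f["Service Name"], f["Service File Name"], f["Service Type"])

def normalize_path(path: str) -> str:
    """Canonicalise an image path: strip the \\??\\ prefix, expand SystemRoot forms, lower-case."""
    p = path.strip().strip('"').lower()
    p = re.sub(r"^\\\?\?\\", "", p)
    for alias in ("\\systemroot\\", "%systemroot%\\"):
        if p.startswith(alias):
            p = "c:\\windows\\" + p[len(alias):]
    if p.startswith("system32\\"):  # relative form some installers write
        p = "c:\\windows\\" + p
    return p

def is_suspicious(svc: ServiceInstall) -> bool:
    """Kernel-mode driver whose image sits outside the trusted driver directories."""
    if "kernel" not in svc.service_type.lower():
        return False
    return not normalize_path(svc.image_path).startswith(TRUSTED_DRIVER_DIRS)

def find_suspicious(messages) -> list:
    """Names of suspicious driver services among a list of 7045 message bodies."""
    return [s.service_name for s in map(parse_7045, messages) if is_suspicious(s)]

# Constructed sample events (not from the report): benign driver, BYOVD-style driver under ProgramData, user-mode service.
SAMPLE_7045 = [
    "Service Name: procmon24\nService File Name: \\SystemRoot\\System32\\drivers\\procmon24.sys\n"
    "Service Type: kernel mode driver\n",
    "Service Name: drvldr\nService File Name: \\??\\C:\\ProgramData\\upd\\drvldr.sys\n"
    "Service Type: kernel mode driver\n",
    "Service Name: svchelper\nService File Name: C:\\Windows\\System32\\svchost.exe -k netsvcs\n"
    "Service Type: user mode service\n",
]
```

Running `find_suspicious(SAMPLE_7045)` returns `['drvldr']`; in practice the same check can be fed from the System log export of any host where driver loads are suspected.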
During its research, Trend Micro analyzed two separate Earth Longzhi campaigns that took place between 2020 and 2022. The group is a subgroup of APT41.
“This follow-up article to our previous report is intended to inform readers that Earth Longzhi continues to circulate and that improved TTPs are to be expected,” the company wrote. “While the samples we collected are similar to test files, they are still useful because they contain information about potential Earth Longzhi targets and new technologies that may be employed in the future.”
Based on the observed files, the team speculated that Earth Longzhi may target Vietnam and Indonesia in future campaigns.
“Notably, this group may be abusing Task Scheduler to elevate privileges and increase persistence. This is a new technique that may be used in future campaigns,” said Lee and Hiroaki. “Another notable insight is that attackers tend to use open source projects to implement their own tools.”
The Trend Micro team added that there is evidence to suggest the group is improving its toolset during periods of inactivity.
“With this knowledge in mind, organizations should remain vigilant against the continued development of new stealth schemes by cybercriminals.”