How the EU’s new cyber regs could affect ports. NSA and CyberCom chief nominee follows in predecessor’s footsteps. Hate crime grants highlight cybersecurity.
Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors
Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. […]
Blackwood APT Hackers Use DLL Loader to Escalate Privilege & Install Backdoor
The recent discovery of a new DLL loader associated with the notorious Blackwood APT group has sent shivers down the spines of cybersecurity professionals.
This sophisticated malware, analyzed by SonicWall Capture Labs, targets unsuspecting users in Japan and China, aiming to escalate privileges and establish persistent backdoors for nefarious purposes.
Unveiling the Loader’s Secrets
At first glance, the sample appears unassuming. It’s a 32-bit DLL devoid of obfuscation or encryption, seemingly lacking malicious intent.
However, a closer examination by researchers reveals its true nature. Strings like “GetCurrentProcessID,” “OpenProcess,” and “VirtualAlloc” hint at its ability to inject malicious code into legitimate processes, silently taking control.
Additionally, file references like “333333333333333.txt” and “Update.ini” spark curiosity, hinting at potential download and configuration mechanisms.
Evasive Maneuvers: Thwarting Analysis
This loader isn’t easily fooled. It employs several anti-analysis techniques to impede investigation.
It meticulously checks for debuggers, processor features, and security settings, attempting to identify analysis environments.
Additionally, locale checks serve as a final barrier, terminating the process if specific language settings are detected.
These measures demonstrate the developer’s awareness of security tools and their intent to remain undetected.
Once deployed, the loader sheds its cloak and embarks on its malicious mission.
To attempt privilege escalation, it leverages the CMSTPLUA interface, a legitimate Windows component.
This bypasses User Account Control (UAC), a crucial security barrier, granting the malware elevated privileges and unrestricted access to the system.
The ultimate goal of this operation is to establish a persistent backdoor. While the specific details of the backdoor remain undisclosed, its purpose is clear: to facilitate remote communication, data exfiltration, and potentially even command and control capabilities.
This grants the attackers a foothold within the victim’s system, enabling them to monitor communications, steal sensitive data, and potentially launch further attacks.
SonicWall has released the MalAgent.Blackwood signature to detect and block the Blackwood DLL loader.
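The article names the indicator strings that gave the loader away during analysis: three process-manipulation APIs and two file references. The following Python script is an added triage example written for this page; it is not SonicWall's signature and not code from the article. It scans a binary blob for those indicators in both narrow (ASCII) and wide (UTF-16LE) encodings, since Windows binaries carry strings in either form, and only escalates when the full API trio appears together with one of the file references, because the APIs on their own are common in benign software. The weights, the verdict thresholds and the sample blobs are this example's own constructions.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Indicators taken from the article. The weights are an assumption of this example:
# the unusual file names are rated higher than APIs that benign software also imports.
API_INDICATORS = {"GetCurrentProcessID": 1, "OpenProcess": 1, "VirtualAlloc": 1}
FILE_INDICATORS = {"333333333333333.txt": 3, "Update.ini": 2}


@dataclass
class TriageResult:
    hits: dict[str, str] = field(default_factory=dict)  # indicator -> encoding found
    score: int = 0
    verdict: str = "clean"


def _encoded_forms(indicator: str) -> list[tuple[str, bytes]]:
    """Return the byte patterns to search for: narrow and wide string forms."""
    return [
        ("ascii", indicator.encode("ascii")),
        ("utf-16le", indicator.encode("utf-16-le")),
    ]


def triage(blob: bytes) -> TriageResult:
    """Score a binary blob against the article's indicator strings."""
    result = TriageResult()
    for table in (API_INDICATORS, FILE_INDICATORS):
        for indicator, weight in table.items():
            for enc_name, pattern in _encoded_forms(indicator):
                if pattern in blob:
                    result.hits[indicator] = enc_name
                    result.score += weight
                    break  # count each indicator once, whichever encoding matched

    api_hits = [i for i in API_INDICATORS if i in result.hits]
    file_hits = [i for i in FILE_INDICATORS if i in result.hits]

    # Escalate only on the combination the article describes; a lone API import
    # such as OpenProcess is not evidence of injection on its own.
    if len(api_hits) == len(API_INDICATORS) and file_hits:
        result.verdict = "escalate"
    elif api_hits or file_hits:
        result.verdict = "review"
    return result


def triage_file(path: str) -> TriageResult:
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed sample inputs (not real malware): a minimal DOS-header prefix followed by
# the indicator strings, with Update.ini stored as a wide string.
SUSPICIOUS_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"GetCurrentProcessID\x00OpenProcess\x00VirtualAlloc\x00"
    + "Update.ini".encode("utf-16-le") + b"\x00\x00"
)
BENIGN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"OpenProcess\x00CreateFileW\x00"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        r = triage(sample)
        print(f"{name}: verdict={r.verdict} score={r.score} hits={r.hits}")
```

String-based triage like this is a first-pass filter, not a replacement for a vendor signature: the article notes the sample is unobfuscated, which is exactly why plain string matching works here, and a repacked variant would need import-table or behavioural detection instead.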
Dropbox’s secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil’s leaders gets 14 years in prison. A Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC. And celebrating the 60th anniversary of the BASIC programming language.