Researchers have identified new cyber-espionage activity focusing on government entities, state-owned aerospace and defense firms, telecom companies, and IT organizations in multiple Asian countries.
The attackers have employed a broad range of legitimate tools in these attacks, including the use of dynamic-link library (DLL) side-loading to deliver the malicious code. They've specifically targeted old and outdated versions of security solutions, graphics software, and web browsers that lack mitigations for DLL side-loading attacks.
One of the other tools deployed by the attackers is a previously unknown information stealer, Logdatter, whose capabilities include keylogging, taking screenshots, connecting to and querying SQL databases, code injection, downloading files, and stealing clipboard data.
These attacks have been underway since early 2021 and are still ongoing. It is unknown precisely who is behind the espionage campaigns, but they have been associated with the "ShadowPad" remote access trojan (RAT).
Acronis Cyber Protect Cloud uses software inventory collection and patch management capabilities to help to keep your protected systems updated, and identifies and blocks malicious payloads with its advanced behavioral detection engine.