Researchers have identified new cyber-espionage activity focusing on government entities, state-owned aerospace and defense firms, telecom companies, and IT organizations in multiple Asian countries.
The attackers have employed a broad range of legitimate tools in these attacks, using dynamic-link library (DLL) side-loading to deliver the malicious code. They've specifically targeted old and outdated versions of security solutions, graphics software, and web browsers that lack mitigations for DLL side-loading attacks.
One of the other tools deployed by the attackers is a previously unknown information stealer, Logdatter, whose capabilities include keylogging, taking screenshots, connecting to and querying SQL databases, code injection, downloading files, and stealing clipboard data.
These attacks have been underway since early 2021 and are still ongoing. It is unknown precisely who is behind the espionage campaigns, but they have been associated with the "ShadowPad" remote access trojan (RAT).
Acronis Cyber Protect Cloud uses software inventory collection and patch management capabilities to help keep your protected systems updated, and identifies and blocks malicious payloads with its advanced behavioral detection engine.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. The Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.