Wednesday, April 8, 23:10
Home security APT10 hackers return with new loaders and new versions of payloads

APT10 hackers return with new loaders and new versions of payloads

The Chinese team hackers, known as APT10, uses two new malware loaders and new versions of known payloads to launch attacks on governmental and private organizations in Southeast Asia.

The APT10 team appeared in 2009. Since then, he has done several things attacks. In April of 2017, some security experts unveiled a big hacking campaign, known as Operation Cloud Hopper. The campaign targeted many agencies and companies around the world.

In July of 2018, FireEye detected new attacks by the APT10 team, where hackers were sending phishing emails to company employees who contained puzzled Word files to install UPPERCUT backdoor victims' systems.

In September of 2018, APT10 hackers organized a campaign targeting the Japanese media. However, the researchers from FireEye managed to discover it and block it.

Recent attacks by the APT10 team took place in April of 2019 and were identified by researchers enSilo. Researchers have found that hackers have used modified versions of known malware.

Experts linked the April attacks with the Chinese espionage team, as the two variants of loaders and payloads, analyzed, use similar Tactics, Techniques, Procedures (TTPs). They also use code associated with APT10.

- Advertisement -

The two loaders carry different payloads to the victims, however, both variants install the following files:

jjs.exe - legally executable, JVM-based javascript as part of the Java platform, which functioned as a malware loader.
jli.dll - malicious DLL file
msvcrt100.dll - Legal Microsoft Runtime DLL
svchost.bin - binary file

Both variants serve various payloads, including PlugX and Quasar RAT, which allow remote access to systems.

According to surveys, the payloads used by hackers in their latest attacks are still under development.

Experts conclude that although the two variants of the loader have some differences, however, they use the same decryption and transmission mechanism of the malicious code.

More technical details from enSilo.

Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement


Please enter your comment!
Please enter your name here


OTEAcademy: Telecommunication Program for Scientists & Freelancers, affected by COVID-19

OTEAcademy participates in the special telecommunication program - certification for scientists and freelancers affected by COVID-19.

Facebook wanted to buy Pegasus Spyware to track Apple users

According to NSO CEO Shalev Hulio, Facebook tried to buy ...

7 apps to watch movies online at the same time as your friends

According to the recommendations made by governments and health organizations around the world, ...

Tesla's model uses solar energy to move

The designs for a Tesla Roadster, with an engine that uses solar energy, were recently released on the internet and ...

George Soros is pushing for a postal vote due to COVID-19

George Soros pushes for postal voting due to COVID-19: For the purposes of the vote, George Soros-funded Brennan Center ...

Sony: Reveals the new DualSense controller for the PS5!

Together with the fifth model Playstation, PS5, Sony has unveiled the new DualSense space controller, which retains some of the ...

Koronoios: Fraudsters sell blood and saliva from a survivor on the Dark Web

The ad on Own Shop, a store on the Dark Web, claims that someone has been infected with coronavirus and is now selling ...

UbuntuDDE: Ubuntu Linux with Deepin desktop

UbuntuDDE: Ubuntu Linux with Deepin desktop- Have you ever wondered what would happen if you combined the powers ...

Facebook: Launches new chat application for couples due to COVID-19!

As the governments of a large number of countries have taken measures of social distancing and lockdown, in an effort to limit ...

Netflix: Lock your PIN account for more security

Netflix: Lock your PIN account for more security - Netflix, one of the best known ...