CySecurity News – Latest Information Security and Hacking Incidents
An unknown Chinese-speaking advanced persistent threat (APT) has been associated to a new campaign targeting betting firms in South East Asia, specifically Taiwan, the Philippines, and Hong Kong.
The campaign, which Avast dubs Operation Dragon Castling (ODC), is exploiting a security loophole (CVE-2022-24934) in WPS Office to deploy a backdoor on the targeted systems. The vulnerability has since been addressed by Kingsoft Office, the developers of the office software. However, with 1.2 billion WPS Office downloads around the globe, there are likely a high number of systems open to compromise.
According to Avast researchers, the bug was exploited to deploy a malicious binary from a fake update server with the domain update.wps[.]cn that triggers a multi-stage infection chain that leads to the deployment of intermediate payloads and allows for privilege escalation before finally deploying the Proto8 module.
“The core module is a single DLL that is responsible for setting up the malware’s working directory, loading configuration files, updating its code, loading plugins, beacon
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: