VMTech · Instagram

MuddyWater: DLL sideloading in campaign targeting 9 countries


Colleagues, note: MuddyWater conducted a campaign against organisations in nine countries.

Symantec/Carbon Black and Broadcom report that the attackers used DLL sideloading through the signed binaries fmapp.exe and sentinelmemoryscanner.exe.

The modules used ChromElevator to steal browser data; node.exe→PowerShell chains carried out reconnaissance and exfiltration, posting the collected data to public services.

Targets included industry, electronics, airports, financial services and government; in one case the intrusion lasted a week.

Why it matters: these techniques evade signature-based detection — behavioural detection and control over what signed processes are allowed to load and spawn are needed.

What practices do you use to monitor and restrict such binaries?
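One way to turn the two behaviours above into a check: scan process-creation and image-load telemetry for the named signed hosts loading a DLL from their own directory, and for node.exe spawning PowerShell. This is an added example, not code from the post or from Symantec/Broadcom; the Sysmon-style field names, the "trusted" directory list and the sample events are assumptions constructed for the example.

```python
from pathlib import PureWindowsPath

# Signed binaries the report names as sideloading hosts.
SIDELOAD_HOSTS = {"fmapp.exe", "sentinelmemoryscanner.exe"}
# Where those hosts are expected to live (assumption for this example).
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def flag_image_load(ev):
    """Flag a sideloading host that loads a DLL from its own directory
    when the DLL is unsigned or the host runs outside a trusted location."""
    image, loaded = PureWindowsPath(ev["Image"]), PureWindowsPath(ev["ImageLoaded"])
    if image.name.lower() not in SIDELOAD_HOSTS:
        return None
    same_dir = str(image.parent).lower() == str(loaded.parent).lower()
    outside_trusted = not str(image).lower().startswith(TRUSTED_DIRS)
    if same_dir and (not ev.get("Signed", False) or outside_trusted):
        return f"sideload: {image.name} loaded {loaded.name} from {loaded.parent}"
    return None


def flag_process_create(ev):
    """Flag node.exe spawning PowerShell (the recon/exfil chain in the report)."""
    parent = PureWindowsPath(ev["ParentImage"]).name.lower()
    child = PureWindowsPath(ev["Image"]).name.lower()
    if parent == "node.exe" and child in {"powershell.exe", "pwsh.exe"}:
        return f"node->powershell: {ev.get('CommandLine', '')}"
    return None


def scan(events):
    """Run the matching check per event type; EventID 7 = image load, 1 = process create."""
    checks = {7: flag_image_load, 1: flag_process_create}
    hits = [checks[ev["EventID"]](ev) for ev in events if ev["EventID"] in checks]
    return [h for h in hits if h]


# Constructed sample events (not a real export).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\Public\fmapp.exe",
     "ImageLoaded": r"C:\Users\Public\helper.dll", "Signed": False},
    {"EventID": 7, "Image": r"C:\Program Files\Vendor\fmapp.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": True},
    {"EventID": 1, "ParentImage": r"C:\Program Files\nodejs\node.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-ChildItem"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Only the first and third sample events produce hits; the legitimate signed load from System32 and the explorer-launched PowerShell pass through.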

#cybersecurity #APT #DLLsideloading #threatintelligence
