MuddyWater: DLL sideloading in campaign targeting 9 countries

Colleagues, note: MuddyWater conducted a campaign against organisations in nine countries.
Symantec/Carbon Black and Broadcom report attackers used DLL sideloading via signed fmapp.exe and sentinelmemoryscanner.exe.
Modules used ChromElevator to steal browser data; node.exe→PowerShell chains conducted reconnaissance and exfiltration, posting data to public services.
Targets included industry, electronics, airports, financial services and government; in one case intrusion lasted a week.
Why it matters: these techniques bypass signatures — behavioural detection and control over signed-process execution are needed.
What practices do you use to monitor and restrict such binaries?
#кибербезопасность #APT #DLLsideloading #threatintelligence
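In answer to the question above, one way to turn the behaviours the post describes into concrete detection logic. This is an added example, not code from the post or from the Symantec/Carbon Black and Broadcom reports: a small checker that runs two rules over constructed Sysmon-style events. Rule 1 flags a signed executable running outside a trusted directory that loads an unsigned or invalidly signed DLL from its own directory (the sideloading shape); rule 2 flags node.exe spawning PowerShell. The event schema is simplified (the `ImageSigned` field for the parent process is an assumption, not a real Sysmon field), and every path, user name and the DLL name `sideloaded.dll` are constructed placeholders; only `fmapp.exe` and `node.exe` come from the post.

```python
"""Behavioural checks for DLL sideloading and node.exe -> PowerShell chains.

Added example, not the post's or the vendors' code. Event data below is
constructed sample input in a simplified Sysmon-like shape:
  EventID 7 = ImageLoad, EventID 1 = ProcessCreate.
"""
import ntpath

# Directories where signed binaries are expected to live. A signed EXE running
# from anywhere else (Temp, Downloads, ProgramData, ...) gets closer scrutiny.
TRUSTED_DIR_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
SUSPICIOUS_PARENTS = {"node.exe"}  # parent processes named in the post

# Constructed sample events (placeholders; not real telemetry).
SAMPLE_EVENTS = [
    {   # signed fmapp.exe in a user-writable dir loads an unsigned DLL beside it
        "EventID": 7,
        "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\fmapp.exe",
        "ImageSigned": "true",          # assumed field: signature of the process
        "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\sideloaded.dll",
        "Signed": "false", "SignatureStatus": "Unavailable",
    },
    {   # benign: vendor app in Program Files loads its own signed helper
        "EventID": 7,
        "Image": "C:\\Program Files\\Vendor\\app.exe",
        "ImageSigned": "true",
        "ImageLoaded": "C:\\Program Files\\Vendor\\helper.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {   # benign: same signed EXE in Temp loading a system DLL from System32
        "EventID": 7,
        "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\fmapp.exe",
        "ImageSigned": "true",
        "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {   # node.exe spawning PowerShell
        "EventID": 1,
        "ParentImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\node.exe",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    },
    {   # benign: interactive PowerShell started from Explorer
        "EventID": 1,
        "ParentImage": "C:\\Windows\\explorer.exe",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    },
]


def in_trusted_dir(path):
    """True if the path sits under a directory where signed binaries belong."""
    return path.lower().startswith(TRUSTED_DIR_PREFIXES)


def detect_sideload(ev):
    """Rule 1: signed process outside a trusted dir loads an unsigned/invalid
    DLL from its own directory. Returns a finding dict or None."""
    if ev.get("EventID") != 7:
        return None
    proc, dll = ev["Image"], ev["ImageLoaded"]
    same_dir = ntpath.dirname(proc).lower() == ntpath.dirname(dll).lower()
    dll_ok = ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"
    if (ev.get("ImageSigned") == "true" and not in_trusted_dir(proc)
            and same_dir and not dll_ok):
        return {"rule": "dll_sideload", "process": proc, "dll": dll}
    return None


def detect_script_host_chain(ev):
    """Rule 2: a listed parent (node.exe) spawns a PowerShell host."""
    if ev.get("EventID") != 1:
        return None
    parent = ntpath.basename(ev["ParentImage"]).lower()
    child = ntpath.basename(ev["Image"]).lower()
    if parent in SUSPICIOUS_PARENTS and child in SCRIPT_HOSTS:
        return {"rule": "node_to_powershell",
                "parent": ev["ParentImage"], "child": ev["Image"]}
    return None


def scan(events):
    """Run every rule over every event and collect the findings in order."""
    findings = []
    for ev in events:
        for rule in (detect_sideload, detect_script_host_chain):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f)
```

Rule 1 deliberately keys on the combination (signed parent, untrusted location, co-located DLL, missing or invalid DLL signature) rather than on the executable names, because the same signed binaries are legitimate in their vendor directories; the location and the signature state of what gets loaded are what change during sideloading. Rule 2 is a plain parent/child pairing that an EDR or SIEM can express directly; feeding it real Sysmon EventID 1 records only needs the field names mapped.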

