Revamped DLL side-load attack hits Myanmar

Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar.

The attack, which Sophos has given the charming moniker “KilllSomeOne”, is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration.

Sophos says that’s a tactic it’s seen since at least the year 2013, initially in the hands of Chinese APT gangs. But this iteration carries a new payload that “stands out because the threat actors used several plaintext strings written in poor English with politically inspired messages in their samples.”

The security vendor rates the attack as a “different spin” on previous DLL side-loading attacks, so worth knowing about to stay on top of such threats.
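For defenders, the side-loading pattern described above can be hunted in image-load telemetry. The following is an added example, not code from Sophos or from the original article: a heuristic that flags a signed executable loading an unsigned DLL from its own directory outside the usual install locations. The field names `Image`, `ImageLoaded`, `Signed` and `SignatureStatus` follow Sysmon's image-load event (Event ID 7); `LoaderSigned`, the trusted-directory list and all sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed allow-list: directories where Windows and installers normally place
# binaries. Loads from here are out of scope for this heuristic.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def event(image, loaded, signed, status, loader_signed):
    """Build one record shaped like a Sysmon Event ID 7 (image load).
    LoaderSigned is a hypothetical enrichment field, not a Sysmon field."""
    return {"Image": image, "ImageLoaded": loaded, "Signed": signed,
            "SignatureStatus": status, "LoaderSigned": loader_signed}

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    event(r"C:\Users\alice\AppData\Local\Temp\upd\viewer.exe",
          r"C:\Users\alice\AppData\Local\Temp\upd\helper.dll",
          "false", "Unavailable", True),
    event(r"C:\Program Files\Vendor\app.exe",
          r"C:\Program Files\Vendor\lib.dll", "true", "Valid", True),
    event(r"C:\Users\alice\Downloads\tool.exe",
          r"C:\Windows\System32\version.dll", "true", "Valid", True),
    # Same directory, but the paths differ in case: must still match.
    event(r"C:\ProgramData\Sync\sync.exe",
          r"c:\programdata\sync\HELPER2.dll", "false", "Unavailable", True),
]

def sideload_suspects(events):
    """Return events where a signed EXE loads an unsigned DLL sitting beside
    it in a directory outside the trusted roots."""
    suspects = []
    for ev in events:
        exe_dir = ntpath.dirname(ev["Image"]).lower()
        dll_dir = ntpath.dirname(ev["ImageLoaded"]).lower()
        dll_unsigned = ev["Signed"] != "true" or ev["SignatureStatus"] != "Valid"
        in_trusted = ev["ImageLoaded"].lower().startswith(TRUSTED_ROOTS)
        if ev["LoaderSigned"] and exe_dir == dll_dir and dll_unsigned and not in_trusted:
            suspects.append(ev)
    return suspects

if __name__ == "__main__":
    for hit in sideload_suspects(SAMPLE_EVENTS):
        print(hit["Image"], "->", hit["ImageLoaded"])
```

A hit is a lead for triage rather than a verdict, since some legitimate software ships unsigned DLLs beside a signed launcher.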

Sophos further suggests the attackers have used the kind of targeting and deployment tactics typical of a sophisticated group, but used the kind of simple code, weak crypto and hidden messages that bespeak the actions of script kiddies.

But the company does not address why a Chinese gang would go to the trouble of tweaking an attack to target institutions in Myanmar, a nation only recently emerged from years of rule by a military junta and ranked as the planet’s 67th-or-68th-largest economy.

One possible motive is the usual desire to acquire passwords to bank accounts and other easy routes to cash.

Another, if one subscribes to the theory that Chinese APT groups are state-sponsored, is that China wishes to express some displeasure at Myanmar’s recent acceptance of the gift of a working submarine from India. One of the reasons China courts Myanmar is that the latter nation has a coast on the Bay of Bengal. China is dependent on oil shipments traversing that body of water, so would not be thrilled that Myanmar has tooled up in ways that could make it harder to defend its interests in the region.

However, Myanmar has also recently backed China’s change of legal arrangements in Hong Kong and forged closer economic ties, making a little unattributable cyber-action against non-government targets perhaps a way to send a subtle message. ®