Symantec researchers have disclosed that the hacking group Winnti compromised the networks of Hong Kong government agencies for a year. The hackers used different variants of the Spyder Loader backdoor against their targets. In the early stages of the infection, Spyder Loader loaded AES-encrypted blocks of data to create the next-stage payload, wlbsctrl.dll. The attackers also deployed Mimikatz, a malicious program that steals passwords, to dig deeper into the victim’s network. The researchers believe that the attackers' main goal is to gather intelligence.
This article is reprinted from: https://www.solidot.org/story?sid=73096