Japanese high profiles were compromised by LodeInfo malware

LodeInfo, a sophisticated and constantly evolving threat, has been abusing a flaw in antivirus software to spread malware to media, diplomatic, government, public sector, and think-tank targets in Japan.

Hanife Diktas
November 2, 2022

  • Researchers at Kaspersky disclosed that the LodeInfo malware used a flaw in an antivirus program to access sensitive data on its victims' systems.
  • The threat group known as APT10 deceived employees at various organizations in Japan into downloading infected software.
  • The malware developers used four different methods to get into the victims' devices between March and September 2022.

Cybersecurity researchers at Kaspersky recently spotted Cicada, also known as APT10, deceiving employees at several organizations in Japan into downloading a compromised version of the K7Security Suite software. The employees who were deceived ended up with the LodeInfo malware on their systems.

Aiming for espionage activities against the targets

Kaspersky's researchers have been observing the malware since it first emerged in 2019. They describe it as regularly modified and upgraded by its developers into an increasingly sophisticated cyber-espionage tool for targeting organizations. In their two recently published blog posts, the researchers said the threat group targets high-profile organizations in Japan, primarily for espionage.

In the first of the blog posts, the researchers cover the current versions of the malware, v0.6.6 and v0.6.7, and the various infection methods tracked between March and September. The second part examines older versions of the LodeInfo shellcode, including v0.5.9, v0.6.2, v0.6.3, and v0.6.5, which were identified in March, April, and June.

Four different methods of LodeInfo

According to the researchers, the malware developers used four different infection methods to get the LodeInfo backdoor onto victim systems.

Method 1 was identified in March and started with a spear-phishing email carrying a malicious attachment that installed the malware's persistence modules. These modules consisted of a legitimate EXE file from the K7Security Suite software, used as the host for DLL sideloading, and a malicious DLL file loaded through the DLL sideloading technique.

Method 2 used a self-extracting archive (SFX) in RAR format containing three files and self-extracting script commands. As soon as the targeted user executes the SFX file, the archive drops the other files and opens a .docx containing just a few Japanese words as a decoy. While the decoy is shown to the user, the archive script starts K7SysMon.exe, which loads the malicious DLL K7SysMn1.dll.

Method 3 used another SFX file, first seen spread via a spear-phishing campaign in June. It borrowed the name of a well-known Japanese politician and used a self-extracting script and files similar to the previous vector. This initial infection method also contained an additional file that decrypts the shellcode for the LodeInfo v0.6.3 backdoor.

Method 4 was observed in June and appears to be a brand-new method that the malware developers added this year. This vector used a fileless downloader shellcode dubbed DOWNJPIT, a variant of the LODEINFO malware, delivered by a password-protected Microsoft Word file. The file included malicious macro code that differs from previously examined LodeInfo samples. The researchers said:

"Unlike past samples, such as the one described in the Initial Infection #1 section of this article, where the malicious VBA macro was used to drop different components of the DLL sideloading technique, in this case, the malicious macro code injects and loads an embedded shellcode in the memory of the WINWORD.exe process directly. This implant was not present in past activities and the shellcode is also a newly discovered multi-stage downloader shellcode for LODEINFO v0.6.5."
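As an added defensive illustration, not code from the article or from Kaspersky, the following Python checks constructed Sysmon-style image-load records for the sideloading chain described in Methods 1 to 3: the legitimate K7SysMon.exe loading K7SysMn1.dll from somewhere other than the vendor's install directory. The install path and the sample event records are assumptions.

```python
"""Detection heuristic for the LodeInfo DLL-sideloading chain.

Added illustration, not Kaspersky's or Cloud7's code. Input records are
constructed Sysmon-style image-load events (Event ID 7); the K7 install
directory is an assumed placeholder, not a value from the article."""
import ntpath  # handles backslash paths even when run on Linux/macOS

# Assumed legitimate install location for K7Security Suite (placeholder).
K7_INSTALL_DIR = r"c:\program files\k7 computing"

# Sideloading pair taken from the article: the signed host EXE and the
# DLL name it loads, which the attacker replaced with a malicious copy.
SIDELOAD_PAIRS = {"k7sysmon.exe": "k7sysmn1.dll"}


def is_suspicious_image_load(event: dict) -> bool:
    """True when a known host EXE loads its sideload DLL from a directory
    other than the vendor install path (e.g. an SFX temp folder)."""
    image = ntpath.basename(event["Image"]).lower()
    loaded = event["ImageLoaded"].lower()
    expected_dll = SIDELOAD_PAIRS.get(image)
    if expected_dll is None or ntpath.basename(loaded) != expected_dll:
        return False  # not a host EXE we track, or a different DLL
    load_dir = ntpath.dirname(loaded)
    # Loading from the vendor directory is the normal case; anything else
    # matches the dropped-into-a-temp-folder pattern from the SFX chain.
    return not load_dir.startswith(K7_INSTALL_DIR)


def scan(events):
    """Return the record IDs of events that match the heuristic."""
    return [e["EventRecordID"] for e in events if is_suspicious_image_load(e)]


SAMPLE_EVENTS = [  # constructed, not real telemetry
    {"EventRecordID": 1,
     "Image": r"C:\Program Files\K7 Computing\K7SysMon.exe",
     "ImageLoaded": r"C:\Program Files\K7 Computing\K7SysMn1.dll"},
    {"EventRecordID": 2,
     "Image": r"C:\Users\alice\AppData\Local\Temp\RarSFX0\K7SysMon.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\RarSFX0\K7SysMn1.dll"},
    {"EventRecordID": 3,
     "Image": r"C:\Users\alice\Downloads\K7SysMon.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    print("suspicious records:", scan(SAMPLE_EVENTS))  # [2]
```

Only record 2 fires: the vendor EXE and its DLL both sit in a user-writable SFX extraction folder, which is the shape of the chain the article describes.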

In their blog posts, the Kaspersky researchers describe several advanced evasion tactics seen in new versions of the malware's shellcode, and outline how the malware developers keep adapting to avoid detection. For example, they follow publications by security researchers and use them to update their TTPs and improve their malware. So far it is not known how many organizations fell victim to this malware or what the scale of the damage was.

Hanife Diktas

Hanife Diktas is a news editor at Cloud7 News. Hanife started her career in the manufacturing sector in the marketing and sales department. Hanife worked in industrial equipment, renewable energy, and technology sectors. Hanife Diktas did her bachelor's degree in business administration and completed a master's degree in management at Yeditepe University in Istanbul, Turkey. Hanife is a Linux user, and she also contributed to AlmaLinux OS at the beginning of the project. Hanife focuses on web hosting, cloud computing, data centers, cybersecurity, Linux OS, and virtualization technologies. Hanife enjoys creating content and shooting videos covering these topics.
