An example of a cyberattack
In recent years, the level of cybercrime has been steadily increasing throughout the world. The development of the Internet and the digital transformation of society are a “double-edged sword”, because they also give criminals certain opportunities.
Vasily Berdnikov, Dmitry Karasovsky and Alexei Shulmin wrote an article in which they talk about how cyber-spies achieve their goals with the help of cheap tools and careful “aiming”.
They write that the bulk of such attacks use 0-day vulnerabilities, but sometimes things are much simpler, as in a malicious campaign they discovered, which was named Microcin. This campaign does not use fundamentally new technologies. At the same time, the intruders' arsenal includes:
1. A watering hole attack with a Microsoft Office exploit;
2. Fileless storage of the main set of malicious functions (i.e., the shellcode) and the add-on modules;
3. Invasion into a system process without injecting code into its memory;
4. DLL hijacking applied to a system process as a means of ensuring automatic launch that does not leave any traces in the registry’s autorun keys.
More information on this topic can be found in this article.