A RAT (Remote Access Trojan) created at the start of the 2000s and then abandoned in 2008 has received a surprising update and is now being used to target pro-democracy organizations and supporters in Hong Kong.

Computer malware is never effective for more than one or two years, mainly due to the rapid evolution of the underlying operating systems. In terms of malware age, Poison Ivy (PIVY) is a very, very old tool.

Nevertheless, in its heyday, Poison Ivy was one of the criminal underground's top tools, used mainly for its low antivirus detection rate and its simple GUI, which allowed even non-technical users to operate it without too many headaches.

**Eight years later, Poison Ivy receives an update**

On record, the last update Poison Ivy received is version 2.3.2 in 2008.

According to surprised researchers from Palo Alto's Unit 42 security forensics team, this RAT has recently received an update and has so far been deployed only in cyber-espionage campaigns against pro-democracy groups in Hong Kong, who have organized and participated in public protests over the past year.

According to the security firm, organizations and individuals involved in these pro-democracy movements have started to receive spear-phishing emails carrying malicious Word files. To lure victims into downloading and opening these files, all of them have titles that would appeal to someone involved in freedom campaigns.

The emails claim the attachments contain information about recent events from March-April 2016, ranging from mandatory courses for school children to details about the Mong Kok riot and a wreath-laying event for the Tiananmen Square massacre.

**New Poison Ivy version uses DLL hijacking, code obfuscation**

If users open these documents, the attackers leverage a vulnerability in the Microsoft Office package (CVE-2015-2545) to infect the targets with the latest version of the Poison Ivy RAT, which Palo Alto has nicknamed SPIVY.

SPIVY then uses DLL hijacking techniques to load its malicious code into running OS processes and opens a connection to its C&C servers, from which the attackers send commands and exfiltrate stolen data.

This tactic is not new: Hong Kong pro-democracy organizations have been targeted in the past, along with other targets in Taiwan.