Malware, Threat Intelligence

Attacks with SquidLoader malware hit Hong Kong finance orgs

Hong Kong's financial sector has been targeted with the stealthy SquidLoader malware as part of an attack campaign looking to achieve Cobalt Strike beacon compromise, reports Infosecurity Magazine.

Threat actors leveraged Mandarin spear-phishing emails spoofing financial organizations with an invoice-spoofing RAR archive, which contains a Microsoft Word file-impersonating PE binary that executes SquidLoader, a report from Trellix revealed. Aside from unpacking itself for internal payload decryption and using obfuscated code for critical Windows API resolution, SquidLoader also commences a stack-based structure for operational data storage and runs various routines to circumvent analysis tools before retrieving the Cobalt Strike beacon from a remote command-and-control server. While Hong Kong has been primarily focused by the attack campaign, other SquidLoader samples suggest potentially ongoing intrusions in Australia and Singapore. Organizations have been urged to bolster behavioral analysis, endpoint tracking, and email filtering measures to better combat the threat posed by SquidLoader.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds