East Asian government agencies came under siege when attackers targeted several servers within their networks. The said attackers, who showed familiarity and in-depth knowledge of their agencies’ network topology, tools, and software, were able to gain access to their targeted servers and install malware. After which, they used the compromised servers not only as gateways to the rest of the network but also as C&C servers. This particular attack has been active since 2014.
The attackers tried to maintain their presence in the network by modifying applications installed in the servers. Certain files in the said applications—mostly productivity, security, and system utility apps—were tampered to load malicious DLL files. The common denominator among these tampered apps is….