SecurityWeek reports that organizations across China have been targeted with attacks using the new SquidLoader malware loader to deliver a Cobalt Strike beacon similarly configured as one used in previous campaigns against Chinese-speaking users.
Intrusions commence with the delivery of phishing emails that mask SquidLoader payloads as corporate documents; when executed, the payloads trigger several anti-detection techniques, including self-duplication, in-stack encrypted strings, direct syscalls, debugger detection, and Control Flow Graph obfuscation, an analysis from LevelBlue Labs revealed.
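As an added, defender-side illustration (not code from the SecurityWeek article or from LevelBlue Labs), the script below shows how two of the evasion techniques named above, direct syscalls and in-stack string construction, leave byte patterns that a static triage pass can flag in an x64 Windows executable. The sample bytes are constructed here, not taken from SquidLoader, and the patterns are generic heuristics rather than a SquidLoader signature.

```python
import re
import sys

# --- Heuristic 1: embedded x64 syscall stubs -----------------------------------
# ntdll's Nt* exports begin with
#   4C 8B D1        mov r10, rcx
#   B8 imm32        mov eax, <syscall number>
#   ...             (newer builds insert a short wow64 check here)
#   0F 05           syscall
# A payload that carries this sequence itself, instead of calling into ntdll,
# is issuing direct syscalls to sidestep user-mode API hooks used by EDR.
SYSCALL_STUB = re.compile(rb"\x4C\x8B\xD1\xB8(.{4}).{0,16}?\x0F\x05", re.DOTALL)

def find_direct_syscalls(blob: bytes) -> list:
    """Return offset and syscall number for every stub found in blob."""
    return [
        {"offset": m.start(), "syscall_number": int.from_bytes(m.group(1), "little")}
        for m in SYSCALL_STUB.finditer(blob)
    ]

# --- Heuristic 2: strings assembled on the stack --------------------------------
# Rather than keeping "ntdll.dll" in .rdata, a loader can write it four bytes at
# a time with  mov dword [rsp+disp8], imm32  (C7 44 24 dd ii ii ii ii).
# Three or more adjacent stores are unusual in compiler output and worth a look.
STACK_STORE = re.compile(rb"(?:\x48)?\xC7\x44\x24(.)(.{4})", re.DOTALL)
STACK_STRING_RUN = re.compile(rb"(?:(?:\x48)?\xC7\x44\x24.{5}){3,}", re.DOTALL)

def find_stack_strings(blob: bytes) -> list:
    """Return each run of adjacent stack stores with the bytes they assemble."""
    results = []
    for run in STACK_STRING_RUN.finditer(blob):
        pieces = STACK_STORE.findall(run.group(0))      # [(disp8, imm32), ...]
        pieces.sort(key=lambda p: p[0][0])              # order by stack offset
        data = b"".join(imm for _, imm in pieces).rstrip(b"\x00")
        results.append({"offset": run.start(), "stores": len(pieces), "bytes": data})
    return results

def triage(blob: bytes) -> dict:
    """Summarise both indicators for a file under review."""
    syscalls = find_direct_syscalls(blob)
    strings = find_stack_strings(blob)
    return {
        "direct_syscalls": syscalls,
        "stack_strings": strings,
        "suspicious": bool(syscalls) or bool(strings),
    }

# Constructed sample (not a real SquidLoader artifact): a prologue, filler, a bare
# stub, a Windows-10-style stub with the wow64 check, then "ntdll.dll" built on the stack.
SAMPLE = (
    b"\x48\x83\xEC\x28"                                             # sub rsp, 0x28
    + b"MZ padding" * 2                                             # 20 bytes of filler
    + b"\x4C\x8B\xD1\xB8\x18\x00\x00\x00\x0F\x05\xC3"               # stub, eax = 0x18
    + b"\x90" * 8
    + b"\x4C\x8B\xD1\xB8\x3A\x00\x00\x00"                            # stub, eax = 0x3A
    + b"\xF6\x04\x25\x08\x03\xFE\x7F\x01\x75\x03\x0F\x05\xC3\xCD\x2E\xC3"
    + b"\xC7\x44\x24\x20ntdl"                                       # mov [rsp+0x20], "ntdl"
    + b"\xC7\x44\x24\x24l.dl"                                       # mov [rsp+0x24], "l.dl"
    + b"\xC7\x44\x24\x28l\x00\x00\x00"                              # mov [rsp+0x28], "l\0\0\0"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = triage(data)
    for hit in report["direct_syscalls"]:
        print(f"syscall stub at 0x{hit['offset']:x}, eax=0x{hit['syscall_number']:x}")
    for s in report["stack_strings"]:
        print(f"stack string at 0x{s['offset']:x} ({s['stores']} stores): {s['bytes']!r}")
    print("suspicious:", report["suspicious"])
```

Run it with no arguments to scan the constructed sample, or pass a path to scan a dumped image. Treat a hit as a reason to prioritise the file for sandboxing, not as a verdict: the Control Flow Graph obfuscation the article mentions, or a stub assembled at runtime, will not match a fixed byte pattern, and a packed sample hides these bytes until it is unpacked or dumped from memory.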
While tactics, techniques, and procedures leveraged in the attack were akin to an advanced persistent threat actor's, researchers noted inadequate evidence to formally make the association.
"Given the success SquidLoader has shown in evading detection, it is likely that threat actors targeting demographics beyond China will start to mimic the techniques used by the threat actor responsible for SquidLoader, helping them to elude detection and analysis on their unique malware samples," said LevelBlue Labs.