A conference connecting defense industry professionals in the U.S. and Taiwan has been targeted by a malware campaign.
Researchers with security firm Cyble report that a defense industry event was the target of a fileless malware infection, presumably aimed at collecting intelligence on behalf of the Chinese government.
According to Cyble, the attack stands out for the way it avoids detection. Rather than relying on an exploit to drop a conventional executable onto the target's disk, where file-based antivirus could scan it, the chain stages its payloads in memory and carries out its work there, leaving little for disk-centric defenses to recover.
Such fileless attacks, which typically "live off the land" by abusing utilities already present on the system rather than shipping custom binaries, are increasingly popular: they leave only a small footprint and require minimal investment in a bespoke malware package or automated exploits.
“The attack commences with a suspicious archive file containing an LNK file disguised as a PDF document,” Cyble explains.
“This deception is designed to trick users into executing the malicious LNK file, which in turn triggers a series of covert actions in the background.”
From there, the attackers carry out standard intelligence-collection activities, recording system data and user activity with the ultimate aim of sending that data to a remote command-and-control server, likely operated by a group with government ties.
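The lure stage described above, an archive carrying a shortcut that poses as a PDF, is where a defender gets the first look at the chain, and a .lnk file is worth parsing rather than just flagging by name, because the real target and command line live in the shortcut's StringData. The following Python is an added example written for this page, not code from Cyble's report or from the campaign: it constructs a sample ZIP (the member names, target path, arguments and icon path are all made up here), parses each .lnk member's MS-SHLLINK header and StringData, and applies generic red flags: a double extension, a target that is a built-in interpreter or script host, a long run of spaces used to push the real command out of the Properties dialog, and an icon borrowed from a document viewer.

```python
"""Added example: triage an archive for a shortcut (.lnk) that poses as a PDF.

Parses the MS-SHLLINK header and StringData to recover the real target and command
line, then applies generic red flags. The archive and both shortcuts are constructed
fixtures, not samples from the campaign described on this page.
"""
import io
import re
import struct
import uuid
import zipfile

LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData sections appear in this fixed order, each present only if its LinkFlags bit is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt")
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "rundll32", "regsvr32",
           "wscript", "cscript", "certutil", "bitsadmin", "msiexec", "conhost")


def _utf16(s):
    """One StringData field: 2-byte character count, then UTF-16LE text without a NUL."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path, arguments="", icon_location=""):
    """Constructed fixture: minimal shell link (76-byte header + StringData, no IDList/LinkInfo)."""
    flags = IS_UNICODE | 0x08 | (0x20 if arguments else 0) | (0x40 if icon_location else 0)
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le
    header += struct.pack("<II", flags, 0x20)               # LinkFlags, FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                   # Creation/Access/Write FILETIMEs
    header += struct.pack("<IIIHHII", 0, 0, 1, 0, 0, 0, 0)   # FileSize, IconIndex, SW_SHOWNORMAL, HotKey, reserved
    body = _utf16(relative_path)
    body += _utf16(arguments) if arguments else b""
    body += _utf16(icon_location) if icon_location else b""
    return header + body


def parse_lnk(data):
    """Validate the header, skip the optional IDList/LinkInfo blocks, return the StringData fields."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C
    if flags & HAS_ID_LIST:    # LinkTargetIDList: 2-byte IDListSize that excludes itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfo: 4-byte LinkInfoSize that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[key] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def triage_lnk(member_name, data):
    """Generic red flags for one shortcut inside a lure archive; returns a list of findings."""
    findings = []
    lower = member_name.lower()
    if not lower.endswith(".lnk"):
        return findings
    if lower[:-4].endswith(DOC_EXTS):
        findings.append(f"double extension: {member_name!r} poses as a document")
    lnk = parse_lnk(data)
    cmdline = " ".join(v for v in (lnk.get("relative_path", ""), lnk.get("arguments", "")) if v)
    hits = [b for b in LOLBINS if b in cmdline.lower()]
    if hits:
        findings.append(f"target runs {', '.join(hits)}: {cmdline.strip()[:100]!r}")
    if re.search(r" {20,}", cmdline):
        findings.append("long run of spaces in command line (hides the real command in Properties)")
    icon = lnk.get("icon_location", "").lower()
    if icon and ("acro" in icon or icon.endswith(DOC_EXTS)):
        findings.append(f"borrows a document icon: {icon!r}")
    return findings


def scan_zip(zip_bytes):
    """Map each flagged archive member to its findings; clean members are omitted."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            found = triage_lnk(info.filename, zf.read(info.filename))
            if found:
                results[info.filename] = found
    return results


def build_sample_archive():
    """Constructed sample: a PowerShell-launching LNK named like a PDF, beside a harmless shortcut."""
    lure = build_lnk(
        r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "-nop -w hidden" + " " * 60 + '-c "Write-Host stage-two-placeholder"',
        r"%ProgramFiles%\Adobe\Acrobat DC\Acrobat\Acrobat.exe")
    benign = build_lnk(r"..\Documents\agenda.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Conference_Agenda.pdf.lnk", lure)
        zf.writestr("agenda.lnk", benign)
    return buf.getvalue()


if __name__ == "__main__":
    for name, found in scan_zip(build_sample_archive()).items():
        print(name)
        for line in found:
            print("  -", line)
```

Run directly, the script prints four findings for the constructed lure and nothing for the benign shortcut. The IDList and LinkInfo blocks are skipped rather than decoded because the string fields alone recover the launch command; in practice `scan_zip` can be pointed at quarantined attachments, and the heuristics are starting points to tune, not a complete signature set.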
While the threat actor could not be identified and its government ties could not be established, it's not hard to guess who would have an interest in spying on the attendees of a conference focused on the U.S. and Taiwan defense industry.
“Chinese threat actors have a well-documented history of targeting Taiwan, particularly around significant political events,” noted Cyble.
“Despite this pattern, the specific [threat actor] behind the current campaign remains unidentified, and we have not been able to link these tactics, techniques, and procedures (TTPs) to any known threat actor or advanced persistent threat (APT) group at this time.”
With the U.S. set to kick off a contentious presidential election season, it is almost a given that foreign intelligence agencies will be looking to meddle with affairs in hopes of tipping the scales in their favor.
Threat actors are likely to be conducting campaigns that include malware installation, disinformation, and data harvesting.