New Nebulae Backdoor Linked with the NAIKON Group


China-based group is hacking Asia-Pacific governments.

DLL hijacking is a malware execution technique that hardly needs any introduction. But while spotting DLL hijacking vulnerabilities would get mots security researchers bounty or a mention in a hall of fame, our investigation of sideloading techniques in several vulnerable applications led to the discovery of a long-running operation of a notorious APT group known as NAIKON.

Unlike previous NAIKON operations, the one documented in the whitepaper below features a secondary backdoor that has an important role in persistence. We called it Nebulae.

Read more…