From labs.bitdefender.com
DLL hijacking is a malware execution technique that hardly needs any introduction. But while spotting DLL hijacking vulnerabilities would get most security researchers a bounty or a mention in a hall of fame, our investigation of sideloading techniques in several vulnerable applications led to the discovery of a long-running operation of a notorious APT group known as NAIKON.
Unlike previous NAIKON operations, the one documented in the whitepaper below features a secondary backdoor that has an important role in persistence. We called it Nebulae.