In brief: The Windows event log and Event Viewer are meant to help users diagnose security issues and other problems on PCs. But Kaspersky researchers encountered one attacker who turned the event log itself against their target.
Last week, Kaspersky published a detailed analysis of a complex attack that began last fall. It involved a mix of various techniques and pieces of software, but Kaspersky's security researchers singled out the use of Windows event logs as something entirely new.
At one stage of the campaign, the attacker inserted shellcode into the target's Windows event logs. This method of storing malware is particularly stealthy because it leaves no files on disk for antivirus to detect.
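A fileless payload stored in event log records still has to live somewhere a defender can inspect. The added example below (not from the Kaspersky report or any tool it describes) runs a simple triage heuristic over constructed event records: a data field that is large, high in entropy and mostly non-printable looks like stored code rather than a log message; hex-encoded fields are decoded first so the same test applies to their real content.

```python
import math
import random
import string
from collections import Counter

PRINTABLE = set(string.printable.encode())

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; log text sits around 4-5, packed or random bytes near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII; genuine log text is close to 1.0."""
    if not data:
        return 1.0
    return sum(b in PRINTABLE for b in data) / len(data)

def decode_if_hex(data: bytes) -> bytes:
    """A payload may be stashed hex-encoded; decode it so the tests see the real content."""
    try:
        return bytes.fromhex(data.decode("ascii"))
    except (ValueError, UnicodeDecodeError):
        return data

def looks_like_embedded_payload(data: bytes, min_len=256, min_entropy=6.0, max_printable=0.8) -> bool:
    """Flag a field that is large, high-entropy and mostly non-text: the profile of raw code, not a message."""
    raw = decode_if_hex(data)
    return (len(raw) >= min_len
            and shannon_entropy(raw) >= min_entropy
            and printable_ratio(raw) <= max_printable)

def scan_records(records):
    """Return (source, event_id) for every record whose data field looks like an embedded payload."""
    return [(r["source"], r["event_id"]) for r in records if looks_like_embedded_payload(r["data"])]

# Constructed sample records (source, event id, data field); none are taken from the report.
_rng = random.Random(7)
_opaque = bytes(_rng.getrandbits(8) for _ in range(512))  # stands in for a stored code chunk
SAMPLE_RECORDS = [
    {"source": "Service Control Manager", "event_id": 7036,
     "data": b"The Windows Update service entered the running state."},
    {"source": "Application Error", "event_id": 1000,  # long but ordinary text: must not be flagged
     "data": b"Faulting application name: notepad.exe, version: 1.0.0.1, faulting module: ntdll.dll " * 4},
    {"source": "CustomSource", "event_id": 4242, "data": _opaque},
    {"source": "CustomSource", "event_id": 4243, "data": _opaque.hex().encode()},
]

if __name__ == "__main__":
    for hit in scan_records(SAMPLE_RECORDS):
        print("suspicious record:", hit)
```

On a live system the same functions can be fed the data field of records read with the Windows event log API; the thresholds are starting points to tune against a baseline of your own logs.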
The campaign also involved a large suite of both commercial and home-brewed software. It involved DLL hijacking, a trojan, anti-detection wrappers, web domain mimicking, and more. The attacker even signed some of their custom software to make it look more legitimate.
The scale and uniqueness of the attack indicate it was tailored to a specific target system. The first step involved social engineering, in which the attacker convinced the victim to download and run a .rar file from the legitimate file-sharing site file.io in September. If nothing else, this should serve as a reminder against clicking on links from strangers, much less downloading and running files from them.
Kaspersky could not link the attack to any known suspects or determine its ultimate purpose. However, the researchers told BleepingComputer that similar attacks usually aim to capture valuable data from their targets.