Summary
A new report from Cybereason reveals that Iranian hackers have been exploiting a security vulnerability in Microsoft's AppDomainManager component to evade detection by Endpoint Detection and Response (EDR) systems. This tactic involves hijacking the AppDomainManager process, which is typically associated with legitimate system activities, allowing malicious actors to execute their payloads without triggering alerts.
The report details several campaigns where Iranian threat groups have used this technique to deliver malware such as MiniUpdate and MiniJunk V2. These operations target various sectors including government, defense, and critical infrastructure in the Middle East and North America.
Key Points
- Exploitation of AppDomainManager: Hackers are hijacking the AppDomainManager process to run malicious code under the guise of legitimate system processes.
- Malware Delivery: The campaigns involve delivering malware such as MiniUpdate (a RAT) and MiniJunk V2, which includes social engineering tactics like decoy DLL files.
- Targeted Sectors: The attacks primarily target government entities, defense organizations, and critical infrastructure in the Middle East and North America.
- Detection Challenges: By leveraging AppDomainManager, attackers can bypass EDR systems that rely on process monitoring to detect
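Because the technique rides inside a signed, legitimate .NET host process, process-centric monitoring sees nothing unusual; the artifact that does survive on disk is the configuration that points the runtime at a foreign AppDomainManager. The following scanner is an added example written for this summary, not code from Cybereason, Cyber Security News or any of the reported campaigns. It assumes, from public .NET documentation rather than from the article, that the CLR honours `<appDomainManagerAssembly value="..."/>` and `<appDomainManagerType value="..."/>` under `<configuration><runtime>` in an application's `.exe.config`, and the environment variables `APPDOMAIN_MANAGER_ASM` / `APPDOMAIN_MANAGER_TYPE`. The sample config strings and the `UpdateHelper` names are constructed for illustration.

```python
"""Flag .NET application config files and environments that redirect the AppDomainManager.

Added example; not code from the report or the article it summarizes.
Assumption (public .NET documentation, not the summary): the CLR reads
<appDomainManagerAssembly value="..."/> and <appDomainManagerType value="..."/>
under <configuration><runtime>, and the APPDOMAIN_MANAGER_ASM /
APPDOMAIN_MANAGER_TYPE environment variables. Legitimate software can set
these too, so hits are leads to baseline and review, not verdicts.
"""
import os
import xml.etree.ElementTree as ET
from typing import Optional

OVERRIDE_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")
OVERRIDE_ENV_VARS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")


def find_appdomainmanager_override(config_xml: str) -> Optional[dict]:
    """Return {'assembly': ..., 'type': ...} when the config redirects the
    AppDomainManager, None when it does not. Malformed XML is reported as
    {'unparseable': True}: a dropped file is not guaranteed to be well-formed,
    and silently skipping it would hide exactly the file worth looking at."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return {"unparseable": True}
    runtime = root.find("runtime")
    if runtime is None:
        return None
    found = {}
    for name in OVERRIDE_ELEMENTS:
        elem = runtime.find(name)
        if elem is not None:
            found[name] = elem.get("value", "")
    if not found:
        return None
    return {"assembly": found.get("appDomainManagerAssembly"),
            "type": found.get("appDomainManagerType")}


def check_environment(env: dict) -> dict:
    """Return any AppDomainManager overrides present in a process environment block."""
    return {k: env[k] for k in OVERRIDE_ENV_VARS if k in env}


def scan_tree(base_dir: str) -> list:
    """Walk base_dir for *.exe.config files; return (path, finding) tuples for hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(base_dir):
        for fname in files:
            if not fname.lower().endswith(".exe.config"):
                continue
            path = os.path.join(dirpath, fname)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                finding = find_appdomainmanager_override(fh.read())
            if finding:
                hits.append((path, finding))
    return hits


# Constructed sample configs (not taken from the report): one benign, one redirected.
BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup><supportedRuntime version="v4.0"/></startup>
</configuration>"""

HIJACKED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="UpdateHelper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    <appDomainManagerType value="UpdateHelper.Manager"/>
  </runtime>
</configuration>"""

if __name__ == "__main__":
    for label, cfg in (("benign", BENIGN_CONFIG), ("hijacked", HIJACKED_CONFIG)):
        print(label, find_appdomainmanager_override(cfg))
    print("env overrides:", check_environment(dict(os.environ)))
```

Run `scan_tree` over directories where user-writable .NET executables live and diff the hits against a known-good baseline; a new `.exe.config` beside a trusted binary whose `appDomainManagerAssembly` names an assembly that is not part of that product is the signal the process monitor misses. Pair the file check with `check_environment` on the environment block of suspicious process starts, since the same redirection can be made without touching disk at all.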
Read the full article at Cyber Security News