Hijack Execution Flow| attack.mitre.org
An unknown threat cluster, Green Nailao, has been actively targeting European organizations, particularly in the healthcare sector, between June and October 2024. Tracked by Orange Cyberdefense CERT, this campaign exploited CVE-2024-24919 on vulnerable Check Point Security Gateways to deploy ShadowPad and PlugX, two implants linked to China-nexus cyber intrusions. Our reverse-engineering team uncovered a highly obfuscated ShadowPad variant using Windows services and registry keys for persiste...| www.orangecyberdefense.com
Sygnia exposes Velvet Ant, a China-nexus threat actor, who infiltrated a network for years. Learn how they hid & Sygnia's fight to eradicate them.| Sygnia
Earlier this year our threat researcher found a DLL hijacking flaw affecting Philips SmartControl (CVE-2020-7360). Our latest blog post combines a write-up of this vulnerability with a general introduction to DLL hijacking for infosec students.| Vonahi Security's Blog