Operation Dragon Castling suspected APT group hijacks WPS Office updater to target East Asian bettin

  • Virus Bulletin
  • 2022-10-26
  • 314

Video description

Presented at the VB2022 conference in Prague, 28 - 30 September, 2022.
↓ Slides: N/A
↓ Paper: https://www.virusbulletin.com/uploads...
→ Details: https://www.virusbulletin.com/confere...

✪ PRESENTED BY ✪

• Luigino Camastra (Avast)
• Igor Morgenstern (Avast)

✪ ABSTRACT ✪

Operation Dragon Castling is a suspected APT supply chain attack against East Asian betting companies that exploited a previously unknown vulnerability in WPS Office updater to deliver malware to target Microsoft Windows systems.

In this presentation, we will discuss how we saw strange DNS resolution requests for a domain related to WPS Office, but that was not part of WPS Office’s infrastructure. Our investigation into these resolution requests showed they were being made from devices running WPS Office, devices belonging to East Asian betting companies. Seeing this, we suspected we had found a supply chain attack against WPS Office, though we were unable to identify the infection vectors at first.

We investigated further and found that one of the systems issuing the unusual DNS resolution requests contained several malicious DLLs loaded by side-loading. One of these DLLs was a robust and modular core module written in C++. Aside from being used for privilege escalation and persistence, it also provided backdoor access to infected devices.

After more investigating, we found two infection vectors. In the first case, the attacker sent an email with an infected installer to the support team asking them to check for a bug in their software. The second case was more interesting – we presume that the attacker hijacked the WPS updater by exploiting a previously unknown vulnerability. We discovered a new vulnerability (CVE-2022-24934) in the WPS Office updater, wpsupdate.exe.

The WPS updater is a part of the WPS Office installation, which has more than 1.2 billion installations around the world. This attack showed a vulnerability that put those users at risk.

We have contacted the WPS Office team about the vulnerability (CVE-2022-24934), and it has since been fixed.
