Introducing LevelBlue Labs: Threat Intelligence Team Finds Evasive Loader Targeting Chinese-Speaking Victims
19 June 2024 - 7:05AM
Business Wire
LevelBlue threat researchers discover new
“SquidLoader” malware, with advanced techniques to evade debuggers
and static analysis, using Cobalt Strike as a final payload
LevelBlue, a leading provider of managed security services,
strategic consulting, and threat intelligence, today released new
research from LevelBlue Labs, the company’s global team of threat
researchers and data scientists who regularly analyze one of the
largest collections of threat data in the world.
LevelBlue Labs discovered a new malware loader, dubbed
“SquidLoader,” delivered via phishing attachments. The campaign was
first observed in late April 2024, when the team uncovered
SquidLoader using several advanced techniques to avoid being
statically or dynamically analyzed for at least a month. The final
payload is a Cobalt Strike sample, and based on its configuration,
LevelBlue Labs assessed that this same threat actor has been mainly
targeting Chinese-speaking victims sporadically over the past two
years.
“The SquidLoader sample makes a clear effort to avoid detection,
as well as static and dynamic analysis,” said Fernando Dominguez,
Principal Security Researcher at LevelBlue Labs. “We do not have
enough findings to classify this threat actor as an advanced
persistent threat (APT), but the techniques being observed by
SquidLoader are those that are typically used by a persistent
APT.”
To protect against SquidLoader, organizations are advised to use
increased vigilance against phishing attempts, including not
opening attachments or clicking links from untrusted senders. They
should always verify that a sender is trusted and is who they claim
to be, and that the communication is expected, especially if there
is an attachment in the correspondence.
LevelBlue Labs delivers continuous, tactical threat intelligence
that powers LevelBlue’s USM Anywhere platform, helping to better
inform cybersecurity teams and fortify their organizations’
defenses against the latest threats. LevelBlue threat researchers
have unrivaled visibility into the global threat landscape through
insight from analysts at four global Security Operations Center
locations and three global Network Operation Centers operated 24
hours per day and 365 days per year.
“LevelBlue Labs’ latest research is yet another example of our
team providing the most timely and tactical threat intelligence on
the market today,” said Sundhar Annamalai, President of LevelBlue.
“Our continuously updated, integrated threat intelligence helps
cybersecurity teams quickly prioritize and address the most
critical threats targeting their business – ultimately minimizing
noise, false alarms and burnout.”
For more information on SquidLoader, please read the full
technical blog here. For more details on LevelBlue Labs and how
your organization can be empowered by the team’s threat
intelligence, please click here.
About LevelBlue
We simplify cybersecurity through award-winning managed
services, experienced strategic consulting, threat intelligence and
renowned research. Our team is a seamless extension of yours,
providing transparency and visibility into security posture and
continuously working to strengthen it.
We harness security data from numerous sources and enrich it
with artificial intelligence to deliver real-time threat
intelligence, which enables more accurate and precise decision
making. With a large, always-on global presence, LevelBlue sets the
standard for cybersecurity today and tomorrow. We easily and
effectively manage risk, so you can focus on your business.
Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at
www.levelblue.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240619937626/en/
Media Contact: Jessica Bettencourt, Inkhouse for LevelBlue
LevelBlue@inkhouse.com, (774) 451-5142