Logtu

Logtu is one of six malware threats deployed as part of a series of attacks against public institutions and military enterprises in multiple Eastern European countries, as well as Afghanistan. These threatening campaigns are attributed to a Chinese-backed APT (Advanced Persistent Threat) group tracked by cybersecurity researchers as TA428. According to the researchers, the threat actors have been able to compromise dozens of targets. The hackers even took over the IT infrastructure of some of their victims, gaining control of systems designed to manage security solutions.

TA428 crafted special spear-phishing lure emails containing data relevant to the targeted entity. In some cases, the attackers even included information that is not publicly available, indicating their commitment to breaching the organization. The hackers may have gathered the data from previous attacks against the target or its employees, as well as from compromised companies working closely with the chosen victims. The phishing emails carry weaponized Microsoft Word documents that can leverage the CVE-2017-11882 vulnerability to execute arbitrary code.

Logtu Details

Logtu is among the six malware threats dropped by TA428. It is a threat observed in previous attacks believed to have been carried out by the same APT group. The threat has undergone significant changes, with recent versions evading detection through dynamic imports and XOR-encrypted function names, so that the Windows API names it relies on are not visible as plaintext strings or in the import table. As part of its deployment on the breached device, Logtu utilizes a process hollowing technique that loads a malicious library into a legitimate software process, instead of a system one.
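The XOR-encrypted function names described above are what an analyst has to undo in order to see which Windows APIs a sample resolves at runtime. The script below is an added triage example, not Logtu code and not from the researchers who analyzed it: it brute-forces a single-byte XOR key by decoding a blob under every key and checking the result against a small dictionary of well-known API names. The page does not state Logtu's actual key length or scheme, so the single-byte key (0x5A), the dictionary and the sample blob are all constructed here for illustration.

```python
"""Recover single-byte-XOR-encoded Windows API names from a binary blob.

Added example for triaging samples that hide their dynamic imports behind
XOR-encrypted function names. Everything below is constructed: the key, the
dictionary and the sample blob are assumptions, not values from a real sample.
"""

# Small dictionary of well-known Windows API names (a real tool would use a
# much larger list, e.g. every export of kernel32/advapi32/user32/gdi32).
KNOWN_APIS = {
    b"LoadLibraryA", b"GetProcAddress", b"CreateProcessW", b"WriteFile",
    b"ReadFile", b"DeleteFileW", b"CreateRemoteThread", b"VirtualAllocEx",
    b"WriteProcessMemory", b"OpenSCManagerW", b"EnumServicesStatusW",
    b"StartServiceW", b"BitBlt", b"GetDC",
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key (symmetric: encodes and decodes)."""
    return bytes(b ^ key for b in data)


# Constructed sample blob: a fake header, then three API names encoded with the
# assumed key, NUL-separated, as a string table in a sample might look.
ASSUMED_KEY = 0x5A
_ENCODED_NAMES = [xor_bytes(n, ASSUMED_KEY)
                  for n in (b"LoadLibraryA", b"GetProcAddress", b"CreateProcessW")]
SAMPLE_BLOB = b"MZ" + b"\x00" * 8 + b"\x00".join(_ENCODED_NAMES) + b"\x00" * 8


def candidate_keys(blob: bytes, known=KNOWN_APIS) -> dict:
    """Try every non-zero single-byte key; return {key: [decoded API names found]}.

    Key 0 is skipped because it is the identity (plaintext names would already
    be visible to a plain `strings` pass).
    """
    hits = {}
    for key in range(1, 256):
        decoded = xor_bytes(blob, key)
        found = sorted(name.decode() for name in known if name in decoded)
        if found:
            hits[key] = found
    return hits


def best_key(blob: bytes):
    """Return (key, names) for the key that exposes the most known API names, or (None, [])."""
    hits = candidate_keys(blob)
    if not hits:
        return None, []
    key = max(hits, key=lambda k: len(hits[k]))
    return key, hits[key]


def plaintext_names_present(blob: bytes, known=KNOWN_APIS) -> bool:
    """True if any dictionary name appears unencoded; a quick check that encoding is in use."""
    return any(name in blob for name in known)


if __name__ == "__main__":
    print("plaintext API names visible:", plaintext_names_present(SAMPLE_BLOB))
    key, names = best_key(SAMPLE_BLOB)
    print(f"best key: {key:#04x}, recovered names: {names}")
```

The recovered names tell the analyst which capabilities to expect (process creation, file I/O, service control, screenshots) before any dynamic analysis, and the same brute-force loop extends to multi-byte keys by trying a candidate key for each position modulo the key length.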

Once fully activated, Logtu can perform a wide range of intrusive functions. It can write data to chosen files, remove files, obtain and exfiltrate file info, launch programs and create processes, make screenshots, obtain a list of registered services and launch specified services and more. The threat is mainly concerned with obtaining specific sets of data pointing toward the goal of the attacks being cyber espionage.
