Hackers now utilize AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that began in July 2024 count on a less typical strategy called AppDomain Manager Injection, which can weaponize any Microsoft.NET application on Windows.
The method has actually been around because 2017, and several proof-of-concept apps have actually been launched for many years. It is usually utilized in red group engagements and seldomly observed in harmful attacks, with protectors not actively monitoring it.
The Japanese department of NTT has actually tracked attacks that end with releasing a CobaltStrike beacon that targeted federal government companies in Taiwan, the military in the Philippines, and energy companies in Vietnam.
Strategies, strategies, and treatments, and infrastructural overlaps with current AhnLab reports and other sources, recommend that the Chi...