Targeting Taiwan & Japan with DLL Implants
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A newly discovered APT campaign dubbed Swan Vector is targeting educational institutes and mechanical engineering industries in Taiwan and Japan. The attack uses a sophisticated multi-stage infection chain involving malicious LNK files, DLL implants (Pterois and Isurus), and Cobalt Strike payloads. The threat actor employs various evasion techniques including API hashing, direct syscalls, DLL sideloading, and self-deletion. Google Drive is abused as a command-and-control server. While attribution remains uncertain, similarities with Winnti, Lazarus, and APT10 techniques have been observed. The campaign has been active since December 2024 and is expected to continue with new implants targeting additional applications.
OPENCTI LABELS:
apt, cobalt strike, dll sideloading, japan, taiwan, multi-stage attack, isurus, pterois, dll implants, google drive