Thai government officials are targeted by a new campaign using DLL side-loading to deploy the Yokai backdoor, highlighting significant cybersecurity vulnerabilities.
The initial attack vector for the Yokai backdoor remains uncertain, but spear-phishing is speculated due to the nature of the lures used.
The attack starts with a RAR archive that contains Windows shortcuts pretending to be important documents, leading to the stealth installation of the backdoor.
Yokai operates by establishing persistence on infected hosts and connects to a command-and-control server to receive further commands from attackers.
Collection
[
|
...
]