APT-C-20 Uses Steganography to Deploy Fileless C# Backdoor
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
APT-C-20, also known as Fancy Bear or APT28, has launched a new intrusion campaign utilizing advanced techniques to evade detection. The group employs LSB steganography to hide shellcode within PNG images, allowing them to execute a fileless C# remote-control Trojan. This method leverages weaponized Office documents that deploy a COM-hijacking DLL to facilitate the attack. The backdoor communicates through legitimate cloud storage services, enhancing its stealth. The campaign reflects the group's ongoing evolution in cyber tactics, focusing on stealth and evasion. Organizations using vulnerable Office applications and cloud storage services are at risk. The full scope of the impact is still being assessed as the campaign is ongoing.
Key Points: • APT-C-20 uses LSB steganography to hide malicious code in PNG images. • The attack employs a fileless C# backdoor that avoids traditional malware detection. • Organizations using vulnerable Office documents and cloud services are at risk.