Targeting Taiwan & Japan with DLL Implants

· Published 12/05/2025 18:34 · Modified 13/05/2025 08:28

Essential information

Tags
2025-05-12, apt, cobalt strike, dll implants, dll sideloading, google drive, isurus, japan, multi-stage attack, pterois, taiwan
Related entities
16 observables, 1 intrusion set (apt), 7 techniques (mitre), 3 malware, 4 others

Description

A newly discovered campaign dubbed Swan Vector is targeting educational institutes and mechanical engineering industries in Taiwan and Japan. The attack uses a sophisticated multi-stage infection chain involving malicious LNK files, DLL implants (Pterois and Isurus), and Cobalt Strike payloads. The threat actor employs various evasion techniques, including API hashing, direct syscalls, DLL sideloading, and self-deletion. Google Drive is abused as a command-and-control server. While attribution remains uncertain, similarities with Winnti, Lazarus, and APT10 techniques have been observed. The campaign has been active since December 2024 and is expected to continue with new implants targeting additional applications.

External references