Attackers Using AppDomain Manager Injection Technique In Recent Cyberattacks

Since July 2024, a series of attacks using AppDomain Manager Injection, a less common technique, has targeted Microsoft .NET applications on Windows. The technique has been known since 2017 and is typically seen in red team exercises, but it has now surfaced in malicious contexts, catching defenders unprepared. NTT's Japanese division has traced these attacks, which culminate in the deployment of a Cobalt Strike beacon. Targets included government agencies in Taiwan, the military in the Philippines, and energy organizations in Vietnam. The tactics, techniques, and infrastructure resemble those described in recent AhnLab reports, suggesting potential involvement by the Chinese state-sponsored threat group APT41, though this attribution remains uncertain.
