Group of targeted attacks uses DLL side-loads to "KilllSomeOne"

DLL side-loading is a known way to execute malicious code: the code is disguised as a legitimate library and Windows itself is relied upon to load and run it.

The technique was first observed back in 2013, used mostly by Chinese APT groups.

This particular attack differs from what has been seen before, but it also has clear connections to it: in particular, the cases share the program database (PDB) path, which contains the folder name "KilllSomeOne".
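One triage check the shared PDB path suggests, as an added example that is not from the original article: a scanner that pulls CodeView RSDS records out of PE files and flags any whose path has "KilllSomeOne" as a folder component. The sample images, the constant and the function names are constructed for this illustration.

```python
import struct
import uuid
from pathlib import PureWindowsPath

# Folder name the article reports as shared across the cases' PDB paths.
INDICATOR_FOLDER = "KilllSomeOne"

def iter_rsds_records(data: bytes):
    """Yield (guid, age, pdb_path) for each CodeView RSDS record in `data`.
    Layout: b'RSDS' | 16-byte GUID | uint32 age | NUL-terminated PDB path.
    A byte scan is used instead of walking the PE debug directory, so a
    record is only accepted if its path is printable ASCII; stray 'RSDS'
    byte runs in code or data are skipped that way."""
    pos = data.find(b"RSDS")
    while pos != -1:
        body = data[pos + 4:]
        end = body.find(b"\x00", 20)
        if end > 20:  # at least GUID + age + one path byte
            raw_path = body[20:end]
            if raw_path.isascii() and raw_path.decode().isprintable():
                guid = uuid.UUID(bytes_le=body[:16])
                (age,) = struct.unpack_from("<I", body, 16)
                yield guid, age, raw_path.decode()
        pos = data.find(b"RSDS", pos + 4)

def flag_indicator_pdb(data: bytes, folder: str = INDICATOR_FOLDER) -> list:
    """Return PDB paths in `data` that contain `folder` as a whole path
    component (case-insensitive), so a substring inside an unrelated
    name does not match."""
    hits = []
    for _guid, _age, path in iter_rsds_records(data):
        if folder.lower() in {p.lower() for p in PureWindowsPath(path).parts}:
            hits.append(path)
    return hits

def build_rsds(guid: uuid.UUID, age: int, path: str) -> bytes:
    """Assemble an RSDS record; only used to construct the sample input below."""
    return b"RSDS" + guid.bytes_le + struct.pack("<I", age) + path.encode() + b"\x00"

# Constructed sample images (not real samples): a stub MZ header followed by one
# RSDS record each, one carrying the indicator folder and one benign.
SUSPECT_IMAGE = (b"MZ" + b"\x00" * 62
                 + build_rsds(uuid.UUID(int=0x1234), 1, r"C:\work\KilllSomeOne\Release\loader.pdb")
                 + b"\x00" * 16)
BENIGN_IMAGE = b"MZ" + b"\x00" * 62 + build_rsds(uuid.UUID(int=7), 3, r"D:\builds\app\app.pdb")

if __name__ == "__main__":
    for name, image in (("suspect", SUSPECT_IMAGE), ("benign", BENIGN_IMAGE)):
        print(name, flag_indicator_pdb(image))  # suspect: [the path]; benign: []
```

Run against a directory of PE files, the same functions give a quick hunt for the shared path; a proper debug-directory walk can replace the byte scan once a PE parser is available.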


