Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
AI agent executes end-to-end ransomware attack via development platfor...
ICAC Commissioner attends first IAACA European regional anti-corruptio...
Research: Asian enterprises advancing AI without resilience strategies...
Penta Security Sets the Benchmark for Web Application Security, Earnin...
India bank domain registry exposed sensitive data in security lapse: e...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

News

Advanced fileless malware targets Philippine military using stealth techniques

By CybersecAsia editors | Monday, September 15, 2025, 4:56 PM Asia/Singapore

Advanced fileless malware targets Philippine military using stealth techniques

Researchers reveal a multi-step, in-memory attack leveraging DLL sideloading and encrypted payloads to maintain covert access.

Threat researchers have uncovered a sophisticated and stealthy cyber-espionage framework used by an advanced persistent threat (APT) group targeting a Philippine military firm.

This multi-stage, fileless malware campaign leverages a combination of living-off-the-land techniques and in-memory execution to maintain persistent access, avoid detection, and perform extensive system reconnaissance and data theft.

The initial intrusion was linked to the execution of a logon batch script from a remote SMB share, deploying a legitimate Windows binary alongside a malicious dynamic link library (DLL). This DLL hijacking (or sideloading) tactic had allowed the malware to execute payloads under the guise of trusted processes, bypassing traditional file-based security mechanisms. The first-stage loader had then established a reverse shell and enabled remote command execution on compromised systems.

Technical overview and attack methodology

To maintain persistence, the attackers abused pre-existing but typically disabled Windows services, either by modifying service registry keys to point to malicious DLLs, or by replacing legitimate service binaries. These services were then configured to run with elevated privileges, granting the attackers extensive access to the system memory and processes. Also:

  • The core payload was delivered and executed entirely in memory through a novel reflective loader. This loader decrypted and injected the main backdoor into trusted processes such as the Windows Defender service or explorer.exe, facilitating stealthy control and communication with the command-and-control (C2) servers.
  • Communication with the attacker’s C2 infrastructure had employed modern secure protocols and mutual TLS authentication, utilizing attacker-owned certificates for encrypted and authenticated remote procedure calls.
  • The backdoor supports a wide array of capabilities: comprehensive system fingerprinting; file and process manipulation; privilege escalation; network resource enumeration; lateral movement; and data exfiltration. It operates with a full command set designed for long-term surveillance and control without leaving decrypted malware files on disk.
  • Secondary lightweight backdoor had been observed, which was deployed to ensure redundancy in case the primary implant had been intercepted. This auxiliary component used a legitimate binary relocated to a user-writable directory for DLL sideloading and supported encrypted communication, remote command execution, and flexible command updates.
  • To gather sensitive user input, the threat actors had injected an encrypted keylogger directly into the memory of active explorer.exe processes. This keylogger intercepted keystrokes, clipboard content, and network adapter changes, encrypting logged data in real time for covert collection.

Finally, the attackers had leveraged a proxy tool to establish internal network footholds and route commands across the compromised environment, effectively bypassing segmentation and network-level defenses. Many methods bear telltale signs of a China-linked APT, but no specific threat group has been identified.

According to Martin Zugec, Technical Solutions Director, Bitdefender, the firm disclosing its investigations, this attack suggests in general that APTs aligned with Chinese interests could be “increasing their focus on espionage campaigns against military adversaries.”

Share:

PreviousHow to wage proactive defense against evolving cyber threats with Deception-as-a-Service
NextUS senator requests FTC probe over software giant’s poor cybersecurity track record

Related Posts

The dangers of viral AI-generated photos

The dangers of viral AI-generated photos

Thursday, April 3, 2025

Is the gap between personal- and workplace cyber hygiene narrowing?

Is the gap between personal- and workplace cyber hygiene narrowing?

Monday, September 30, 2024

Watch what your staff bring back to office after WFH tapers off

Watch what your staff bring back to office after WFH tapers off

Wednesday, June 3, 2020

What has happened to the invincible REvil group?

What has happened to the invincible REvil group?

Friday, July 16, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Penta Security Sets the Benchmark for Web Application Security, Earning Frost & Sullivan’s 2026 South Korea Company of the Year Recognition

    Thursday, July 2, 2026
    By combining intelligent threat detection, …Read More »
  • SK shieldus Receives Frost & Sullivan’s 2026 APAC Customer Value Leadership Recognition for Excellence in Cybersecurity Services

    Monday, June 29, 2026
    The company is recognized for …Read More »
  • Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations

    Saturday, June 27, 2026
    PETALING JAYA, Malaysia, June 26, …Read More »
  • DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments

    Thursday, June 25, 2026
    New White Paper Outlines Best …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.