Malwarebytes’s Threat Intelligence team has uncovered a new attack dubbed “Kraken”, which is attributed to APT32.
The attacker abused the Windows Error Reporting process by injecting malicious shellcode into a new instance of WerFault.exe (the Windows Error Reporting binary), thus subverting its behavior while assuming the identity of a legitimate Windows binary.
As an additional layer of defense, Minerva Labs' Hostile Environment Simulation will block the late-stage shellcode by tricking it into believing it is executing in a virtual machine.
The full details of the attack can be found here.
If you've been the victim of a Kraken attack, or would like to talk to Minerva Labs about upgrading your protection, please contact us.