Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software
A subgroup of the Chinese state-sponsored threat actor APT41, known as Earth Longzhi, has been observed using a new denial-of-service (DoS) technique called "stack rumbling" to disable security software. The group targets organizations in the Philippines, Taiwan, and Thailand. The attacks typically start with the exploitation of vulnerable public-facing applications and servers to deploy the Behinder web shell. Earth Longzhi also abuses legitimate Windows Defender executables to sideload DLLs and execute malware. The stack rumbling technique involves modifying the Image File Execution Options (IFEO) registry key with a new value large enough to crash the target application due to a stack overflow, causing a permanent DoS condition.

Malware: Behinder, CobaltStrike

[View Article](https://www.securityweek.com/chinese-apt-uses-new-stack-rumbling-technique-to-disable-security-software/)
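Because the technique lives entirely in the IFEO registry key, a host-side audit of that key is the natural check. The PowerShell below is an added example, not code from the article or the vendor report; it assumes the oversized value is `MinimumStackCommitInBytes` (the per-image stack-commit setting IFEO exposes, which the summary does not name), and the watch list and 1 MB threshold are illustrative choices to adapt to your estate.

```powershell
# Added audit example (not from the article): list IFEO entries that change how
# an image starts, and raise the severity when they point at security tooling.
# Assumption: the stack-rumbling value is MinimumStackCommitInBytes; the article
# only says "a new value large enough to crash the target application".

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Illustrative watch list of security-product images; extend for your environment.
$watchList = @('MsMpEng.exe', 'MsSense.exe', 'SecurityHealthService.exe', 'NisSrv.exe')

# IFEO values that alter process start-up. Debugger = classic hijack,
# GlobalFlag = loader/heap flags, MinimumStackCommitInBytes = initial stack commit.
$interestingValues = @('Debugger', 'GlobalFlag', 'MinimumStackCommitInBytes')
$stackThreshold = 1MB   # assumption: no legitimate image needs more committed at start

function Get-IfeoFindings {
    Get-ChildItem -Path $ifeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $image = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath
        foreach ($name in $interestingValues) {
            $value = $props.$name
            if ($null -eq $value) { continue }
            $severity = 'Info'
            if ($name -eq 'Debugger') { $severity = 'Medium' }
            if ($name -eq 'MinimumStackCommitInBytes') {
                # DWORDs come back as Int32; mask to get the unsigned byte count.
                $bytes = ([int64]$value) -band 0xFFFFFFFF
                if ($bytes -ge $stackThreshold) { $severity = 'High' }
            }
            # Any start-up override on a security image is worth an analyst's eyes.
            if ($watchList -contains $image) { $severity = 'High' }
            [pscustomobject]@{
                Image    = $image
                Value    = $name
                Data     = $value
                Severity = $severity
            }
        }
    }
}

# Run elevated; sort so High findings surface first.
Get-IfeoFindings | Sort-Object @{Expression = { @{High = 0; Medium = 1; Info = 2}[$_.Severity] }} |
    Format-Table -AutoSize
```

Pair the one-off audit with registry auditing (SACL on the IFEO key, Sysmon Event ID 13, or Windows Event 4657) so that new subkeys created for security-product image names are alerted on as they appear rather than found later.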