DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 06:05 PM

MITRE will add two sub-techniques to its ATT&CK database, both exploited by North Korean threat actors. TCC manipulation involves Apple macOS application permissions. “Phantom” DLL hijacking exploits nonexistent DLLs in Windows. These techniques allow hackers to gain privileged access and perform espionage. It’s crucial to keep SIP enabled and monitor DLL loading …

DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse

April 11, 2024 at 04:09 PM

MITRE is adding two new techniques to its ATT&CK database due to exploits by North Korean threat actors. One technique involves TCC manipulation on Apple’s macOS, enabling privileged access for espionage. The other technique, phantom DLL hijacking on Windows, involves exploiting nonexistent DLL files. Both have been used by North …