Earth Longzhi Returns With New Tricks to Target Organizations in Taiwan, Thailand, the Philippines, and Fiji
The campaign, which came after months of inactivity, was found to abuse a Windows Defender executable for DLL sideloading and exploit a vulnerable driver, zamguard.sys, to disable security products through a bring-your-own-vulnerable-driver attack.