English

Kaspersky: DLL hijacking attacks have doubled since 2023

22:01
05/11/2025
Fatma Mahran
By

Dynamic link library (DLL) hijacking is a common technique in which attackers replace a library loaded by a legitimate process with a malicious one. It is used by creators of mass-impact malware, like stealers and banking Trojans, as well as by APT (advanced persistent threat) and cybercrime groups behind targeted attacks. Kaspersky reports that DLL hijacking attacks have doubled in the past two years.

The number of DLL hijacking attacks and their variations in 2023-2025.
Source: Kaspersky Security Network

Kaspersky has observed this technique and its variations, like DLL sideloading, in targeted attacks on organizations in Russia, Africa, South Korea, as well as other countries and regions. To further enhance its protection capabilities against this threat, Kaspersky SIEM has introduced a specialized AI-based subsystem that continuously analyzes information about all loaded libraries.

The new feature has already proven effective, helping to detect an attack by the APT group ToddyCat. It enabled the threat to be identified and blocked at an early stage, preventing any impact on the targeted organizations. The model also uncovered attempts to infect potential victims with an infostealer and a malicious loader.

“We are seeing DLL hijacking attacks become more common, where a trusted program is tricked into loading a fake library instead of the real one. This gives attackers a way to secretly run their malicious code. This technique is difficult to detect, and this is where AI can help. Using advanced protection techniques empowered with AI is now essential to staying ahead of these evolving threats and keeping critical systems safe,” says Anna Pidzhakova, Data Scientist at Kaspersky’s AI Research Center.

Securelist has published two related articles: the first explains how a machine-learning model was developed to detect DLL hijacking attacks, while the second describes how this model was integrated into the Kaspersky SIEM platform. The updated Kaspersky SIEM now features AI functionality for detecting signs of DLL hijacking attacks, improving detection efficiency.

مصر

Turkish Airlines is Relaunching its Sulaymaniyah Flights

2025-11-05
9:47 مساءً

الإمارات

The Countdown Begins: GESS Dubai 2025 Opens in One Week

2025-11-05
8:30 مساءً

الإمارات

Build Excitement for the Festive Season with Christmas Activities for All Ages at Centara Mirage Beach Resort Dubai

2025-11-05
8:28 مساءً

ÈLM Developments signs deal with CCC Egypt for “ÈLM Tree” project

2025-11-05
6:29 مساءً

مصر

DisrupTech Ventures Backs Chari as It Moves into Fintech and Joins Its Board, Marking Second African Investment Outside Egypt

2025-11-05
4:05 مساءً

مصر

Standard Bank Announces the Upcoming Launch of Its Representative Office in Egypt

2025-11-05
3:29 مساءً

الإمارات

Make This Festive Season Truly Unforgettable with a Celebration for the Whole Family at Rixos Marina Abu Dhabi

2025-11-05
1:16 مساءً

الإمارات

In Association with ICCO Abdulrahman Inayat of W7Worldwide Recognized Globally at the Athar Festival 2025

2025-11-05
12:24 مساءً

2025-11-06

Kaspersky: DLL hijacking attacks have doubled since 2023

Follow Us on Nabd

Follow Us on GoogleNews

Arqam App

Related Posts: