Blackwood APT hackers use a DLL loader to escalate privileges and install backdoors. The loader targets users in Japan and China. The malware is a 32-bit DLL that uses no obfuscation or encryption, but it can inject malicious code into legitimate processes. It employs anti-analysis techniques and bypasses User Account Control to establish a persistent backdoor. SonicWall has released a signature to detect and block this loader.
https://cybersecuritynews.com/blackwood-apt-escalate-privileges/