top of page
  • Clipeus

LODEINFO Backdoor Developments

On January 24, 2024, ITOCHU Cyber & Intelligence reported novel samples of the LODEINFO backdoor consistent with ongoing development of the malware, which has been attributed to APT10. The backdoor, attributed to China-nexus APT10, has been targeting Japanese entities with LODEINFO since at least 2021, employing a spear-phishing attack vector and utilizing malicious Word documents predominantly weaponized with Visual Basic Scripts.

The backdoor is actively updated, and recent features include:

  • Removal of checks for Japanese-language environments, suggesting a broader geographical targeting scope.

  • Recent implementations include template injection which enables the threat actor to retrieve and execute macros when the victim opens the malicious attachment.

  • The macro executes a shellcode which is ultimately responsible for loading the LODEINFO backdoor. In some cases, researchers observed the backdoor being loaded via a deceptive file masquerading as a Privacy-Enhanced Mail.

  • The infection chain culminates with the backdoor is loaded directly into memory.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page