Unmasking Lockbit: A Deep Dive Into DLL Sideloading And Masquerading Tactics
Symantec, Thursday, July 31st, 2025
Stealthy tactics, techniques, and procedures (TTPs) help ransomware attackers remain under the radar.
Attackers deploying the LockBit ransomware have continually evolved their TTPs to evade detection and maximize the ransomware's impact. Within their sophisticated arsenal, two techniques stand out for their effectiveness in concealing malicious activities: DLL sideloading and masquerading. This blog post delves into how attackers deploying LockBit leverage these methods to establish persistence and blend into legitimate system processes.
While this blog details methods used in LockBit ransomware attacks specifically, similar methods are used by attackers deploying other malicious payloads as well.