In a sophisticated cyberattack, the notorious ToddyCat APT group exploited a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask its malicious activities.
The attack came to light when researchers detected a suspicious file named version.dll in the temp directories of multiple compromised systems.
This file was identified as a tool called TCESB, designed to execute payloads undetected by bypassing security monitoring tools.
https://gbhackers.com/toddycat-attacker ... erability/