WinDealer via man-on-the-side
Kaspersky experts have studied the WinDealer malware by the LuoYu APT group. The most interesting finding is that the attackers have apparently mastered the man-on-the-side attack method and are successfully using it both to deliver malware and to control already infected computers.

What is a man-on-the-side attack, and how do WinDealer’s operators use it? A man-on-the-side attack implies that the attacker somehow controls the communication channel, which allows them to read the traffic and inject arbitrary messages into normal data exchange. In some cases, WinDealer tries to access an address that cannot exist at all, but thanks to the man-on-the-side method, it still receives a response.
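Both behaviours described above leave traces a passive network sensor can look for. The following detection sketch is an added example, not code from Kaspersky or from the malware: the segment tuple layout, the sample records and the reading of "cannot exist" as a reserved or otherwise unroutable source address are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of inbound TCP segments seen by a passive sensor:
# (src_ip, src_port, dst_ip, dst_port, seq, ttl, payload). Not real capture data.
SAMPLE_SEGMENTS = [
    ("203.0.113.10", 80, "10.0.0.5", 50100, 1000, 57, b"HTTP/1.1 302 Found\r\n"),
    ("203.0.113.10", 80, "10.0.0.5", 50100, 1000, 44, b"HTTP/1.1 200 OK\r\n"),
    ("203.0.113.10", 80, "10.0.0.5", 50100, 1017, 44, b"Content-Length: 5\r\n"),
    ("203.0.113.10", 80, "10.0.0.5", 50100, 1017, 44, b"Content-Length: 5\r\n"),
    ("240.1.2.3", 8080, "10.0.0.5", 50200, 5000, 57, b"constructed-reply"),
]


def cannot_exist(ip):
    """Assumption: 'cannot exist' means a reserved or otherwise unroutable source."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_reserved or addr.is_unspecified
            or addr.is_multicast or addr.is_loopback)


def find_mots_indicators(segments):
    """Return (racing_responses, impossible_sources) for a list of segments."""
    by_slot = defaultdict(list)
    for src, sport, dst, dport, seq, ttl, payload in segments:
        by_slot[(src, sport, dst, dport, seq)].append((ttl, payload))

    racing = []
    for slot, seen in by_slot.items():
        payloads = {p for _, p in seen}
        # Identical bytes at the same sequence number are a normal retransmit;
        # different bytes mean two parties answered for the same stream position.
        if len(payloads) > 1:
            racing.append({"flow": slot[:4], "seq": slot[4],
                           "ttls": sorted({t for t, _ in seen}),
                           "variants": len(payloads)})

    # A reply whose source is not a routable host must have been injected on path.
    impossible = sorted({seg[0] for seg in segments if cannot_exist(seg[0])})
    return racing, impossible


if __name__ == "__main__":
    racing, impossible = find_mots_indicators(SAMPLE_SEGMENTS)
    print("racing responses:", racing)
    print("responses from impossible sources:", impossible)
```

Differing TTLs on the conflicting segments are a supporting signal, since an injected reply usually travels a different number of hops than the genuine one.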