Kaspersky Reports Doubling of DLL Hijacking Attacks Since 2023
Global cybersecurity company Kaspersky has reported a sharp rise in DLL hijacking attacks, revealing that incidents involving this technique have doubled since 2023. DLL hijacking, a long-standing method in cyberattacks, allows threat actors to replace legitimate dynamic link libraries (DLLs) used by trusted applications with malicious versions, so that the trusted application loads and executes the attacker's code.
According to data from the Kaspersky Security Network, the number of DLL hijacking cases and their variations—including DLL sideloading—has grown significantly between 2023 and 2025. The company observed such attacks targeting organizations in Russia, Africa, South Korea, and other regions, carried out by both cybercriminal groups and advanced persistent threat (APT) actors.
To strengthen defenses against this rising threat, Kaspersky SIEM has introduced a new AI-powered subsystem designed to analyze all loaded libraries in real time. The model has already demonstrated success by detecting and blocking an attack by the ToddyCat APT group before any damage occurred. It also identified attempts to infect victims with infostealers and malicious loaders.
> “We are seeing DLL hijacking attacks become more common, where a trusted program is tricked into loading a fake library instead of the real one,” said Anna Pidzhakova, Data Scientist at Kaspersky’s AI Research Center. “This technique is difficult to detect, and this is where AI can help. Using advanced protection techniques empowered with AI is now essential to staying ahead of these evolving threats and keeping critical systems safe.”
Further details on Kaspersky’s research and the AI model’s integration into its SIEM platform are available on Securelist, which has published two technical articles covering the model’s development and deployment.
Founded in 1997, Kaspersky protects over one billion devices worldwide and provides cybersecurity solutions for individuals, businesses, and governments. Its latest innovations aim to counter sophisticated and evolving digital threats through intelligence-driven and Cyber Immune technologies.
