Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

Dec 11, 2024 | Ravie Lakshmanan | Cyber Espionage / Cyber Attack

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023.

The espionage campaign targeted organizations in various sectors, spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team said in a new report shared with The Hacker News.

The attacks, which leveraged tools previously identified as linked to China-based advanced persistent threat (APT) groups, are characterized by the use of both open-source and living-off-the-land (LotL) techniques.


This includes the use of reverse proxy programs such as Rakshasa and Stowaway, as well as asset discovery and identification tools, keyloggers, and password stealers. Also deployed during the course of the attacks is PlugX (aka Korplug), a remote access trojan put to use by several Chinese hacking groups.

“The threat actors also install customized DLL files that act as authentication mechanism filters, allowing them to intercept login credentials,” Symantec wrote. The Broadcom-owned company told The Hacker News it could not determine the initial infection vector in any of the attacks.

In one of the attacks targeting an entity, which lasted for three months between June and August 2024, the adversary conducted reconnaissance and password dumping activities, while also installing a keylogger and executing DLL payloads capable of capturing user login information.
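The report does not say how the credential-intercepting DLLs described above are loaded. One common Windows mechanism for such a "filter" is a DLL registered in the LSA package lists, which lsass.exe loads and passes plaintext passwords at logon or password change; the PowerShell check below, added here and not taken from Symantec's report, audits those lists against a baseline of expected package names (the baseline names and the System32 path resolution are my assumptions, not details from the article).

```powershell
# Added example (not from the Symantec report or the article): audit the LSA
# package lists that Windows uses to load DLLs into lsass.exe. A DLL listed
# here receives credentials at logon or password change, so any entry not in
# the organization's baseline deserves a look.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Assumed baseline for a default install; adjust for your own build
# (e.g. 'rassfm' is normally present on domain controllers).
$baseline = @{
    'Notification Packages'   = @('scecli', 'rassfm')
    'Authentication Packages' = @('msv1_0')
}

$findings = foreach ($valueName in $baseline.Keys) {
    $props = Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($pkg in @($props.$valueName)) {
        if ($baseline[$valueName] -notcontains $pkg) {
            # Package names are resolved relative to System32 without extension.
            $dll = Join-Path $env:SystemRoot "System32\$pkg.dll"
            $sig = if (Test-Path $dll) { (Get-AuthenticodeSignature $dll).Status } else { 'FileMissing' }
            [pscustomobject]@{
                ValueName = $valueName
                Package   = $pkg
                DllPath   = $dll
                Signature = $sig
            }
        }
    }
}

if ($findings) {
    Write-Warning "Non-baseline LSA packages found; review each DLL before trusting it."
    $findings | Format-Table -AutoSize
} else {
    Write-Output "LSA package lists match the baseline."
}
```

Run it elevated on the hosts in scope; a non-baseline entry with an unsigned or missing DLL is a strong lead, while a signed vendor DLL may be a legitimate password policy product and should be confirmed with the owner.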

Symantec noted that the attackers managed to retain covert access to compromised networks for extended periods of time, allowing them to harvest passwords and map networks of interest. The gathered information was compressed into password-protected archives using WinRAR and then uploaded to cloud storage services such as File.io.

“This extended dwell time and calculated approach underscore the sophistication and persistence of the threat actors,” the company said. “The geographical location of targeted organizations, as well as the use of tools linked previously to China-based APT groups, suggests that this activity is the work of China-based actors.”

It's worth noting that the ambiguity in attributing these attacks to a specific Chinese threat actor underscores the difficulty of tracking cyber espionage groups when they frequently share tools and use similar tradecraft.


The geopolitical tensions in Southeast Asia over ongoing territorial disputes in the South China Sea have been complemented by a series of cyber attacks targeting the region, as evidenced by threat activity groups tracked as Unfading Sea Haze, Mustang Panda, CeranaKeeper, and Operation Crimson Palace.

The development comes a day after SentinelOne SentinelLabs and Tinexta Cyber disclosed attacks undertaken by a China-nexus cyber espionage group targeting large business-to-business IT service providers in Southern Europe as part of an activity cluster dubbed Operation Digital Eye.

Last week, Symantec also revealed that an unnamed large U.S. organization was breached by likely Chinese threat actors between April and August 2024, during which time they moved laterally across the network, compromising multiple computers and likely exfiltrating data.
