| Attribute | Details |
|---|---|
| Threat Actors | China-based APT groups |
| Campaign Overview | Cyber espionage campaign targeting high-profile organizations in Southeast Asia since October 2023 |
| Target Regions (or Victims) | Southeast Asia (government ministries, air traffic control, telecom, media outlet) |
| Methodology | Open-source tools, living-off-the-land (LotL) techniques, reverse proxy tools, DLL payloads |
| Product Targeted | Government organizations, telecoms, media outlets, air traffic control systems |
| Malware Reference | PlugX (Korplug) – remote access trojan, customized DLLs |
| Tools Used | Rakshasa, Stowaway, keyloggers, password stealers, asset discovery tools |
| Vulnerabilities Exploited | Not specified; initial infection vector remains undetermined |
| TTPs (Tactics, Techniques, Procedures) | Long-term access, password dumping, reconnaissance, keylogger deployment, data exfiltration |
| Attribution | China-based actors; attribution is difficult due to shared tradecraft and tools |
| Recommendations | Strengthen network monitoring, improve authentication mechanisms, adopt advanced detection tools |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html
The above summary has been generated by an AI language model