| Category | Details |
|---|---|
| Threat Actor/Family | Unknown; possibly linked to OceanLotus (APT32), but not conclusively attributed. |
| Framework Name | P8 framework |
| Victims | Primarily in Vietnam, especially in the financial and real estate sectors. |
| Initial Infection Vectors | Likely spear-phishing emails, abuse of an obsolete Kaspersky Removal Tool, SMB, and printer driver vulnerabilities. |
| Tools Used | P8 framework (loader plus multiple plugins), Spectral Viper (OceanLotus), C2Implant. |
| Plugins/Modules | 12 plugins identified, covering lateral movement, exfiltration, file management, credential stealing, screenshots, and custom loading. |
| Persistence Mechanisms | Initial infections depended on commands from the C2; later iterations added new persistence mechanisms. |
| Changes in Attacks | Tactics, techniques, and procedures (TTPs) evolved over time, including changes in persistence and loading mechanisms. |
| Victimology Update | Financial institutions in Vietnam, plus one victim in the manufacturing sector. |
| Targeted Technology | Secure USB drives used by a Southeast Asian government entity; compromised access management software. |
| Malware Found on USB | Trojanized access management software designed to steal files and spread the infection to other USB drives. |
| Related Threat Actor | TetrisPhantom (attacks via Trojanized UTetris software). |
| New Attacks Detected | Malicious code injected into secure USB drives found in 2024, targeting sensitive file transfer systems. |
| Differences with TetrisPhantom | Despite similar tactics, the code used in the recent USB drive attacks differs from that of the earlier UTetris-based attacks. |
Read full article: https://securelist.com/apt-report-q3-2024/114623/
Disclaimer: The above summary has been generated by an AI language model