
| Category | Details |
|---|---|
| Threat Actor/Family | Unknown, possibly linked to OceanLotus (APT32) but not conclusively attributed. |
| Framework Name | P8 framework |
| Victims | Primarily from Vietnam, especially in the financial and real estate sectors. |
| Initial Infection Vectors | Likely spear-phishing emails, use of obsolete Kaspersky Removal Tool, SMB, and printer driver vulnerabilities. |
| Tools Used | P8 framework (loader + multiple plugins), Spectral Viper (OceanLotus), C2Implant. |
| Plugins/Modules | 12 plugins identified, with functions for lateral movement, exfiltration, file management, credential stealing, screenshots, and custom loading. |
| Persistence Mechanisms | Initial infections depended on commands from C2, later iterations included new persistence mechanisms. |
| Changes in Attacks | Tactics, techniques, and procedures (TTPs) evolved over time, including changes in persistence and loading mechanisms. |
| Victimology Update | Financial institutions in Vietnam, plus one victim in the manufacturing industry. |
| Targeted Technology | Secure USB drives used by a Southeast Asian government entity; the drives' access management software was compromised. |
| Malware Found on USB | Trojanized access management software designed to steal files and spread infection to other USB drives. |
| Related Threat Actor | TetrisPhantom (attacks via Trojanized UTetris software). |
| New Attacks Detected | Malicious code injected into secure USB drives found in 2024, targeting sensitive file transfer systems. |
| Differences with TetrisPhantom | Despite similarities in tactics, the code used in recent USB drive attacks differs from previous UTetris-based attacks. |
Read the full article: https://securelist.com/apt-report-q3-2024/114623/

Disclaimer: The above summary has been generated by an AI language model.