| Category | Details |
|---|---|
| Threat Actors | China-based APT groups (Fireant, Earth Baku, Budworm, Mustang Panda) |
| Campaign Overview | Espionage targeting Southeast Asian organizations in government, aviation, telecom, and media sectors |
| Target Regions (Victims) | Southeast Asia, including government ministries, air traffic control, telecoms, media outlets |
| Methodology | Intelligence gathering, prolonged access, network mapping, DLL sideloading, exfiltration |
| Product Targeted | Windows systems, Active Directory accounts, user login credentials, network shares |
| Malware Reference | PlugX (Korplug), Rakshasa, ReverseSSH, Win32Pro, mscorsvw.exe, ChromeUpdate.exe |
| Tools Used | Dismap, FastReverseProxy, Impacket, Inveigh, Infostealer, WinRAR, PowerShell, Reg.exe, NBTScan, SharpGPOAbuse |
| Vulnerabilities / Techniques Abused | Windows Management Instrumentation (WMI), registry modifications, DLL sideloading, keyloggers (no specific CVE is cited) |
| TTPs | Lateral movement, command execution, scheduled tasks, remote access, DLL sideloading, exfiltration, network scanning |
| Attribution | Linked to Chinese state-backed threat actors (APT groups like Fireant, Earth Baku, Budworm) |
| Recommendations | Use Symantec Protection updates, monitor for IOCs, deploy endpoint protection, detect suspicious activities |
| Source | Broadcom |
Read full article: https://www.security.com/threat-intelligence/china-southeast-asia-espionage
The above summary has been generated by an AI language model