| Category | Details |
|---|---|
| Threat Actors | China-based APT groups whose tooling overlaps with this activity: Fireant (also tracked as Mustang Panda), Earth Baku, Budworm |
| Campaign Overview | Espionage campaign against Southeast Asian organizations in the government, aviation, telecommunications, and media sectors |
| Targets (Victims) | Southeast Asia: government ministries, air traffic control, telecom operators, and media outlets |
| Methodology | Intelligence gathering over a prolonged period of access: network mapping, credential theft, DLL sideloading of malware next to legitimate executables, and data exfiltration |
| Assets Targeted | Windows hosts, Active Directory accounts, user login credentials, network shares |
| Malware Reference | PlugX (Korplug), Rakshasa, ReverseSSH, Win32Pro; executable names listed alongside them: mscorsvw.exe (also the name of Microsoft's legitimate .NET Runtime Optimization Service binary) and ChromeUpdate.exe (a name mimicking a browser updater) |
| Tools Used | Dismap, FRP (Fast Reverse Proxy), Impacket, Inveigh, an infostealer, WinRAR, PowerShell, Reg.exe, NBTScan, SharpGPOAbuse |
| Vulnerabilities Exploited | No specific CVE is cited in this summary; the activity relies on abuse of built-in Windows functionality: WMI for remote command execution, registry modification for persistence, DLL sideloading, and keylogging |
| TTPs | Lateral movement, remote command execution via WMI, scheduled tasks for persistence, remote access and tunnelling (ReverseSSH, FRP), DLL sideloading, network scanning (NBTScan, Dismap), exfiltration |
| Attribution | Linked to Chinese state-backed threat actors on the basis of tool and technique overlaps with Fireant, Earth Baku, and Budworm |
| Recommendations | Apply current Symantec protection updates, monitor for the published IOCs, deploy endpoint protection, and alert on the listed behaviours: DLL sideloading from user-writable paths, shells spawned by WMI, new scheduled tasks, registry persistence, and reverse-proxy or SSH tunnelling |
| Source | Broadcom (Symantec) |
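The table names behaviours (DLL sideloading, WMI command execution, scheduled-task persistence) rather than a CVE, so detection has to key on host telemetry. The following is an added example, not code from the Symantec report: it runs three hunting rules over constructed Sysmon-style events (EventID 1 process creation, EventID 7 image load). The field names follow Sysmon, but the list of user-writable directories, the rule thresholds, and all sample paths and file names are assumptions chosen for illustration and are not IOCs from the article.

```python
"""Hunt constructed Sysmon-style events for three TTPs from the summary table.
Added illustrative example; the directory list and rules are assumptions."""
import re
from pathlib import PureWindowsPath

# Assumption: directories an unprivileged user can write to, where a copied
# legitimate EXE plus a malicious DLL typically land during sideloading.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\perflogs\\")
# Interpreters commonly launched through WMI for remote command execution.
WMI_CHILDREN = {"cmd.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe"}


def in_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE)


def sideload_candidate(ev: dict):
    """Event 7: a process running from a user-writable directory loads an
    unsigned DLL that sits in its own directory. This is the shape of DLL
    sideloading regardless of which legitimate EXE is abused."""
    if ev.get("EventID") != 7:
        return None
    exe, dll = PureWindowsPath(ev["Image"]), PureWindowsPath(ev["ImageLoaded"])
    same_dir = str(exe.parent).lower() == str(dll.parent).lower()
    unsigned = str(ev.get("Signed", "false")).lower() != "true"
    if same_dir and unsigned and in_user_writable(ev["Image"]):
        return f"dll_sideload: {exe.name} loaded unsigned {dll.name} from {exe.parent}"
    return None


def wmi_exec_candidate(ev: dict):
    """Event 1: WmiPrvSE.exe (the WMI provider host) spawning a shell or
    script host is how remote WMI command execution appears on the target."""
    if ev.get("EventID") != 1:
        return None
    parent = PureWindowsPath(ev.get("ParentImage", "")).name.lower()
    child = PureWindowsPath(ev["Image"]).name.lower()
    if parent == "wmiprvse.exe" and child in WMI_CHILDREN:
        return f"wmi_exec: WmiPrvSE.exe spawned {child}"
    return None


def schtask_candidate(ev: dict):
    """Event 1: schtasks.exe /create whose /tr target lives in a user-writable path."""
    if ev.get("EventID") != 1 or PureWindowsPath(ev["Image"]).name.lower() != "schtasks.exe":
        return None
    cmd = ev.get("CommandLine", "")
    if not re.search(r"/create\b", cmd, re.I):
        return None
    m = re.search(r'/tr\s+(?:"([^"]*)"|(\S+))', cmd, re.I)
    target = (m.group(1) or m.group(2)) if m else ""
    if in_user_writable(target):
        return f"schtask_persist: scheduled task runs {target}"
    return None


RULES = (sideload_candidate, wmi_exec_candidate, schtask_candidate)


def hunt(events):
    """Run every rule over every event and return the alert strings in order."""
    return [hit for ev in events for rule in RULES if (hit := rule(ev))]


# Constructed sample telemetry (not real IOCs): one hit per rule plus two benign events.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\Public\Libraries\mscorsvw.exe",
     "ImageLoaded": r"C:\Users\Public\Libraries\version.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /sc minute /mo 30 /tn "ChromeUpdate" /tr "C:\Users\Public\ChromeUpdate.exe" /ru SYSTEM'},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /sc daily /tn Backup /tr "C:\Program Files\Backup\backup.exe"'},
]

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

The sideloading rule deliberately does not key on a particular executable name: the same heuristic (signed-looking EXE in a user-writable directory, unsigned DLL beside it) catches mscorsvw.exe copied out of its normal .NET directory as well as any other legitimate binary the actors choose to carry in. In production the rule should be fed from Sysmon or EDR image-load telemetry and tuned against the organization's own software installers, which also write signed EXEs to user profiles.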
Read full article: https://www.security.com/threat-intelligence/china-southeast-asia-espionage
The above summary has been generated by an AI language model