
Likely China-based Attackers Target High-profile Organizations in Southeast Asia

| Category | Details |
| --- | --- |
| Threat Actors | China-based APT groups (Fireant, Earth Baku, Budworm, Mustang Panda) |
| Campaign Overview | Espionage targeting Southeast Asian organizations in the government, aviation, telecom, and media sectors |
| Target Regions (Victims) | Southeast Asia, including government ministries, air traffic control, telecoms, and media outlets |
| Methodology | Intelligence gathering, prolonged access, network mapping, DLL sideloading, exfiltration |
| Product Targeted | Windows systems, Active Directory accounts, user login credentials, network shares |
| Malware Reference | PlugX (Korplug), Rakshasa, ReverseSSH, Win32Pro, mscorsvw.exe, ChromeUpdate.exe |
| Tools Used | Dismap, FastReverseProxy, Impacket, Inveigh, Infostealer, WinRAR, PowerShell, Reg.exe, NBTScan, SharpGPOAbuse |
| Vulnerabilities Exploited | Windows Management Instrumentation (WMI), registry modifications, DLL sideloading, keyloggers |
| TTPs | Lateral movement, command execution, scheduled tasks, remote access, DLL sideloading, exfiltration, network scanning |
| Attribution | Linked to Chinese state-backed threat actors (APT groups such as Fireant, Earth Baku, Budworm) |
| Recommendations | Apply Symantec Protection updates, monitor for IOCs, deploy endpoint protection, detect suspicious activity |
| Source | Broadcom |

Read full article: https://www.security.com/threat-intelligence/china-southeast-asia-espionage

The above summary has been generated by an AI language model

Source: Broadcom

Published on: December 11, 2024
