ASEAN has been the main target of Chinese hackers for the past three months

Two criminal groups at once have taken aim at Asian countries for the purpose of cyber espionage.

Recently, two APT groups linked to China have been actively attacking targets and countries related to the Association of Southeast Asian Nations (ASEAN). They operate as part of a cyber espionage campaign that has been going on for at least three months. One group, known as Mustang Panda, has been seen engaging in cyberattacks against Myanmar and other Asian countries using PlugX malware dubbed DOPLUGS.

Mustang Panda, also tracked under names such as Camaro Dragon, Earth Preta, and Stately Taurus, sent phishing emails to distribute malware in Myanmar, the Philippines, Japan, and Singapore. These actions coincided with the Special ASEAN-Australia Summit, which points to the targeted nature of these attacks.

Palo Alto Networks reported two types of distributed malware. The first is a ZIP file containing the executable "Talking_Points_for_China.exe", which at startup loads the malicious library "KeyScramblerIE.dll", eventually activating the PUBLOAD malware often used by Mustang Panda.

The second is the "Note PSO.scr" file, which fetches malicious code from a remote address, including a program disguised as "WindowsUpdate.exe" that is signed with a certificate belonging to one of the major video game companies.

In addition, network traffic was detected between an ASEAN-affiliated entity and the command-and-control infrastructure of the second Chinese APT group, indicating a possible compromise of that entity's systems. This group, which has also attacked Cambodia, remains unidentified by researchers.

Chinese cybercriminals have recently been more active and sophisticated than ever. Particular attention is drawn to a new Chinese threat actor called Earth Krahang, which recently attacked 116 targets in 45 countries. In its attacks, the group used targeted phishing and vulnerabilities in Openfire and Oracle servers to deliver specialized malware such as PlugX, ShadowPad, ReShell, and DinodasRAT.

This group's activity shows a strong focus on Southeast Asia and overlaps with another actor known as Earth Lusca; both may be managed by the same person, associated with the Chinese government contractor I-Soon.