
CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets
2020-08-13 20:23

The China-based APT known as CactusPete has returned with a new campaign aimed at military and financial targets in Eastern Europe, which is a new geography for the group's victimology, according to researchers.

CactusPete is a Chinese-speaking APT group that has been publicly known since at least 2013, according to the blog post.

Typically, CactusPete has collected victims in Japan, South Korea, Taiwan and the U.S. More recent campaigns in 2020 show that the group has shifted towards other Asian and Eastern European organizations.

"The group does continuously modify the payload code, studies the suggested victim in order to craft a trustworthy phishing email, sends it to an existing email address in the targeted company and makes use of new vulnerabilities and other methods to inconspicuously deliver the payload once an attachment has been opened," Zykov said, suggesting that CactusPete is developing into a larger threat to keep an eye on.

"Yet, interestingly, the CactusPete APT group has had success without advanced techniques, using plain code without complicated obfuscation and spear-phishing messages with 'magic' attachments as the preferred method of distribution. The infection occurs not because of advanced technologies used during the attack, but because of those who view the phishing emails and open the attachments."


News URL

https://threatpost.com/cactuspete-apt-toolset-respionage-targets/158350/