China-Linked 'CactusPete' Hackers Successful Despite Lack of Sophistication
Security News, August 2020
A Chinese threat actor tracked by Kaspersky as CactusPete was observed leveraging an updated version of its Bisonal backdoor in recent attacks targeting military and financial organizations in Eastern Europe.
Although the adversary lacks sophistication, its attacks have been relatively successful, the security researchers say.
"Since the malware contains mostly information gathering functionality, most likely they hack into organizations to gain access to the victims' sensitive data. If we recall that CactusPete targets military, diplomatic and infrastructure organizations, the information could be very sensitive indeed," Kaspersky notes.
Other malware employed by the adversary includes the DoubleT backdoor, along with CALMTHORNE, Curious Korlia, and DOUBLEPIPE. Despite being a medium-level group in terms of technical capabilities, CactusPete was observed using more complex code, such as ShadowPad, which suggests outside support.
"We call CactusPete an Advanced Persistent Threat group, but the Bisonal code we analyzed is not that advanced. Yet, interestingly, the CactusPete APT group has had success without advanced techniques, using plain code without complicated obfuscation and spear-phishing messages with 'magic' attachments as the preferred method of distribution," Kaspersky concludes.