China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks (Security News, September 2020)

Researchers discovered the new malware being distributed over the past six months through two separate campaigns.
"Based on the use of publicly known sender addresses associated with Tibetan dissident targeting and the delivery of Sepulcher malware payloads, [we] have attributed both campaigns to the APT actor TA413," said Proofpoint researchers in a Wednesday analysis.
The second phishing campaign, starting at the end of July, targeted Tibetan dissidents with the same strain of Sepulcher malware.
Chinese APT TA413 has previously been known for targeting Tibetan dissidents, as it did in its July campaign, so the March attack shows the skyrocketing trend of Chinese APTs branching out and adopting COVID-19 lures in espionage campaigns during the first half of 2020.
"The usage of publicly known Tibetan-themed sender accounts to deliver Sepulcher malware demonstrates a short-term realignment of TA413's targets of interest," said researchers.
News URL
https://threatpost.com/chinese-apt-sepulcher-malware-phishing-attacks/158871/