Things are getting back to normal: Chinese hackers revert to bugging Tibetans after brief Euro campaign
Malware pathologists have noted a return to "Business as usual" as groups associated with Chinese state interests turned their attentions back to Tibetan matters after a European dalliance earlier this year.
Back in March, a phishing campaign attempted to deliver the "Sepulcher" malware to various European institutions with a sender email identified as being linked to historical Chinese APT targeting of the Tibetan community, Proofpoint said.
A second phishing campaign kicked off at the end of July, and attempted to deliver the same strain of malware to Tibetan dissidents.
The security firm said: "While it is not impossible for multiple APT groups to utilize a single operator account against distinct targets in different campaigns, it is unlikely. It is further unlikely that this sender reuse after several years would occur twice in a four-month period between March and July, with both instances delivering the same Sepulcher malware family."
The evidence therefore points to an APT group best known for Tibetan campaigns being re-tasked to collect information from European organisations reeling from COVID-19 in March.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/02/sepulcher_malware/