Security News > 2020 > September > Chinese Hackers Target Europe, Tibetans With 'Sepulcher' Malware

A Chinese threat actor was observed targeting both European diplomatic entities and the Tibetan community with the same strain of malware.

In a report published Wednesday, Proofpoint's security researchers revealed a link between COVID-19-themed attacks impersonating the World Health Organization to deliver the "Sepulcher" malware to economic, diplomatic, and legislative entities within Europe and attacks on the Tibetan community that delivered LuckyCat-linked malware and ExileRAT. Furthermore, a July campaign targeting Tibetan dissidents was attempting to deliver the same Sepulcher malware from the same infrastructure, with some of the employed email addresses previously used in attacks delivering ExileRAT, suggesting that both campaigns are the work of TA413.

Targeting European diplomatic and legislative entities and economic affairs and non-profit organizations, the March campaign attempted to exploit a Microsoft Equation Editor flaw to deliver the previously unidentified Sepulcher malware.

The July campaign was employing a malicious PowerPoint attachment designed to drop the same malware, and Proofpoint connected it to a January 2019 campaign that used the same type of attachments to infect victims with the ExileRAT malware.

The Sepulcher malware can conduct reconnaissance on the infected host, supports reverse command shell, and reading and writing from/to file.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/2WJwwE_nfbQ/chinese-hackers-target-europe-tibetans-sepulcher-malware