Security News > 2020 > September > Chinese Hackers Target Europe, Tibetans With 'Sepulcher' Malware
A Chinese threat actor was observed targeting both European diplomatic entities and the Tibetan community with the same strain of malware.
In a report published Wednesday, Proofpoint's security researchers revealed a link between COVID-19-themed attacks impersonating the World Health Organization to deliver the "Sepulcher" malware to economic, diplomatic, and legislative entities within Europe and attacks on the Tibetan community that delivered LuckyCat-linked malware and ExileRAT. Furthermore, a July campaign targeting Tibetan dissidents was attempting to deliver the same Sepulcher malware from the same infrastructure, with some of the employed email addresses previously used in attacks delivering ExileRAT, suggesting that both campaigns are the work of TA413.
Targeting European diplomatic and legislative entities and economic affairs and non-profit organizations, the March campaign attempted to exploit a Microsoft Equation Editor flaw to deliver the previously unidentified Sepulcher malware.
The July campaign was employing a malicious PowerPoint attachment designed to drop the same malware, and Proofpoint connected it to a January 2019 campaign that used the same type of attachments to infect victims with the ExileRAT malware.
The Sepulcher malware can conduct reconnaissance on the infected host, supports reverse command shell, and reading and writing from/to file.
News URL
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)