Security News > 2020 > November > Sophisticated Chinese APT Group Targets Southeast Asian Governments
A sophisticated advanced persistent threat group believed to be operating out of China has been stealthily targeting Southeast Asian governments over the past three years, Bitdefender reports.
Believed to be state-sponsored, the group was observed using numerous malware families, including the Chinoxy backdoor, PCShare RAT, and the FunnyDream backdoor.
The fact that some of these open-source tools are known to be of Chinese origin and the use of other resources in Chinese led the researchers to the conclusion that the group behind these attacks consists of Chinese speakers.
In 2018, the group was using the Chinoxy backdoor to establish persistence, with the open-source Chinese RAT PcShare being deployed afterwards.
A tool called ccf32 was being used for file collection and, starting in 2019, the same tool was being employed in FunnyDream infections.