Security News > 2021 > April > Spy Operations Target Vietnam with Sophisticated RAT

Spy Operations Target Vietnam with Sophisticated RAT
2021-04-05 21:04

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool for carrying out espionage operations, researchers said.

Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat known as Cycldek, according to Kaspersky researchers, who added that the group has been active since at least 2013.

DACL is an internal list attached to an object in Active Directory that specifies which users and groups can access the object and what kinds of operations they can perform on the object.

"In general, over the past year, we've noticed that many of these Chinese-speaking groups are investing more resources into their campaigns and honing their technical capabilities," said Mark Lechtik, senior security researcher with Kaspersky, in the analysis.

Kaspersky's analysis showed that dozens of computers were targeted in the campaign with the vast majority located in Vietnam.

Pierre Delcher, senior security researcher with Kaspersky, added, "What's more, given that these Chinese-speaking groups tend to share their tactics with one another, we wouldn't be surprised to find these same obfuscation tactics in other campaigns. We'll be monitoring the threat landscape for similar suspicious activity closely. For companies, the best thing they can do is keep their company up-to-date with the latest threat intelligence, so they know what to be on the lookout for."


News URL

https://threatpost.com/spy-operations-vietnam-rat/165243/