Chinese Cyberspies Target Military Organizations in Asia With New Malware (Security News, April 2021)
A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday.
The group has been known to focus on government and military organizations.
Last year, after its activity was exposed, Naikon made a similar move: it switched to a new backdoor, although it continued to use previously known malware for the first stages of attack.
The latest campaign ran between June 2019 and March 2021, and one of the new backdoors, dubbed RainyDay, was first used in attacks in September 2020, Bitdefender says.
The similarities are not surprising, considering that Chinese threat actors are known to share infrastructure and tools, and because Naikon was previously observed using exploits attributed to other threat groups in an attempt to evade detection.
As part of the latest attacks, the adversary also deployed a second new backdoor called Nebulae, likely as a precautionary measure.