US Media, Retailers Targeted by New SparklingGoblin APT
2021-08-25 15:10

The advanced persistent threat group is new, according to researchers who dubbed it SparklingGoblin.

SparklingGoblin, according to the ESET researchers who discovered and named the crime group and its backdoor, is an offshoot of another APT, Winnti Group, first identified in 2013 by Kaspersky.

"Following the Hong Kong university compromise, we observed multiple compromises against organizations around the world using similar toolsets and TTPs. Considering those particular and to avoid adding to the general confusion around the 'Winnti Group' label, we decided to document this cluster of activity as a new group, which we have named SparklingGoblin, and that we believe is connected to Winnti Group while exhibiting some differences," ESET wrote.

Fresh Horizons for a New APT

In its initial campaigns, SparklingGoblin is believed to be after usernames and IP addresses from a US computer retailer and Canadian schools.

The group has mostly targeted the academic sectors in East and Southeast Asia.

"SparklingGoblin is a group with some level of connection to Winnti Group. It was very active in 2020 and the first half of 2021, compromising multiple organizations over a wide range of verticals around the world," researchers wrote.


News URL

https://threatpost.com/sparklinggoblin-apt/168928/