Security News > 2021 > December > Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector
Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are "Just the tip of the iceberg."
"The group tried to access some internal documents and personal information on the compromised hosts," Trend Micro researchers Nick Dai, Ted Lee, and Vickie Su said in a report published last week.
Earth Centaur, also known by the monikers Pirate Panda and Tropic Trooper, is a long-running threat group focused on information theft and espionage that has led targeted campaigns against government, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong dating all the way back to 2011.
"The group knows how to bypass security settings and keep its operation unobstructive. The usage of the open-source frameworks also allows the group to develop new backdoor variants efficiently."
The latest multi-stage intrusion sequence detailed by Trend Micro involves the group turning to exploit vulnerable Internet Information Services servers and Exchange server flaws as entry points to install a web shell that's then leveraged to deliver a.NET-based Nerapack loader and a first-stage backdoor known as Quasar on the compromised system.
"Currently, we have not discovered substantial damage to these victims as caused by the threat group," Trend Micro's analysts explained.
News URL
https://thehackernews.com/2021/12/tropic-trooper-cyber-espionage-hackers.html
Related news
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' (source)
- FBI confirms China-linked cyber espionage involving breached telecom providers (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks (source)