Security News > 2021 > December > Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector

Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are "Just the tip of the iceberg."

"The group tried to access some internal documents and personal information on the compromised hosts," Trend Micro researchers Nick Dai, Ted Lee, and Vickie Su said in a report published last week.

Earth Centaur, also known by the monikers Pirate Panda and Tropic Trooper, is a long-running threat group focused on information theft and espionage that has led targeted campaigns against government, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong dating all the way back to 2011.

"The group knows how to bypass security settings and keep its operation unobstructive. The usage of the open-source frameworks also allows the group to develop new backdoor variants efficiently."

The latest multi-stage intrusion sequence detailed by Trend Micro involves the group turning to exploit vulnerable Internet Information Services servers and Exchange server flaws as entry points to install a web shell that's then leveraged to deliver a.NET-based Nerapack loader and a first-stage backdoor known as Quasar on the compromised system.

"Currently, we have not discovered substantial damage to these victims as caused by the threat group," Trend Micro's analysts explained.

News URL

https://thehackernews.com/2021/12/tropic-trooper-cyber-espionage-hackers.html