Cyberspies drop new infostealer malware on govt networks in Asia (Security News, September 2022)
According to a report by Symantec's Threat Hunter team that dives into the activity, the intelligence-gathering attacks have been underway since at least early 2021 and are still ongoing.
Symantec presents an example of an attack that unfolded in April 2022 to showcase how the espionage group compromises its government targets.
The attackers used PsExec to execute Crash Handler and perform the DLL search order hijacking trick to load payloads on additional computers in the network.
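The two behaviours in that step, a process started through PsExec and a payload DLL picked up by search order hijacking, both leave footprints in endpoint telemetry. The following Python is an added defender-side example, not code from Symantec or from the report: it runs two simple checks over constructed Sysmon-style records (event 1 process creation, event 7 image load). The watch-list of DLL names, the key=value log format, the file paths and the "CrashHandler.exe" file name are all assumptions made up for the example; PSEXESVC.exe is the service binary PsExec installs on the remote host.

```python
import ntpath

# Directories from which Windows system DLLs are expected to load (compared case-insensitively).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed watch-list of system DLL names commonly abused for sideloading.
# A real deployment would derive this from a baseline of the environment.
WATCHED_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll"}

# Constructed Sysmon-style records (EventID 1 = process create, 7 = image load).
# Fields are key=value with no spaces inside values, which the parser below assumes.
SAMPLE_LOG = r"""
EventID=1 Image=C:\Users\Public\CrashHandler.exe ParentImage=C:\Windows\PSEXESVC.exe
EventID=7 Image=C:\Users\Public\CrashHandler.exe ImageLoaded=C:\Users\Public\version.dll
EventID=7 Image=C:\Windows\System32\notepad.exe ImageLoaded=C:\Windows\System32\version.dll
EventID=1 Image=C:\Windows\System32\cmd.exe ParentImage=C:\Windows\explorer.exe
"""


def parse_log(text):
    """Turn key=value lines into dicts; EventID becomes an int."""
    events = []
    for line in text.strip().splitlines():
        ev = dict(field.split("=", 1) for field in line.split())
        ev["EventID"] = int(ev["EventID"])
        events.append(ev)
    return events


def in_system_dir(path):
    """True when the path sits under one of the expected system DLL directories."""
    return path.lower().startswith(SYSTEM_DIRS)


def check_image_load(ev):
    """Sysmon event 7: a watched DLL name resolving outside the system directories
    is the classic footprint of search order hijacking / sideloading."""
    loaded = ev.get("ImageLoaded", "")
    if ntpath.basename(loaded).lower() in WATCHED_DLLS and not in_system_dir(loaded):
        return f"dll-hijack: {ev['Image']} loaded {loaded}"
    return None


def check_process_create(ev):
    """Sysmon event 1: PSEXESVC.exe is the service PsExec installs on the remote
    host, so any child of it was started through PsExec."""
    if ntpath.basename(ev.get("ParentImage", "")).lower() == "psexesvc.exe":
        return f"psexec-child: {ev['Image']}"
    return None


CHECKS = {1: check_process_create, 7: check_image_load}


def detect(events):
    """Run the check matching each event's ID and collect the alert strings."""
    alerts = []
    for ev in events:
        check = CHECKS.get(ev["EventID"])
        alert = check(ev) if check else None
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample records this raises two alerts: the process spawned under PSEXESVC.exe and the copy of version.dll loaded from a user-writable directory, while the legitimate load of version.dll from System32 is left alone. Correlating the two on the same host and time window is what turns each weak signal into a credible lateral-movement finding.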
A month after the intrusion, the threat actors gained privileges to create new user accounts and mounted a snapshot of the Active Directory server to access user credentials and log files.
Symantec also highlights the use of the same keylogger deployed in APT41 attacks against critical infrastructure organizations based in South East Asia.
"There is limited evidence to suggest links to past attacks involving the Korplug/PlugX malware and to attacks by a number of known groups, including Blackfly/Grayfly, and Mustang Panda," the researchers said.