Security News > 2022 > October > Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

An advanced persistent threat actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research.

The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.

Budworm, also called APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor that's believed to operate on behalf of China through attacks that leverage a mix of custom and openly available tools to exfiltrate information of interest.

The latest set of attacks are no different, with the threat actor leveraging Log4Shell flaws to compromise servers and install web shells, ultimately paving the way for the deployment of HyperBro, PlugX, Cobalt Strike, and credential dumping software.

The development marks the second time Budworm has been linked to an attack on a U.S. entity.

"A resumption of attacks against U.S.-based targets could signal a change in focus for the group."

News URL

https://thehackernews.com/2022/10/budworm-hackers-resurface-with-new.html