Security News > 2022 > October > Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization
An advanced persistent threat actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research.
The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.
Budworm, also called APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor that's believed to operate on behalf of China through attacks that leverage a mix of custom and openly available tools to exfiltrate information of interest.
The latest set of attacks are no different, with the threat actor leveraging Log4Shell flaws to compromise servers and install web shells, ultimately paving the way for the deployment of HyperBro, PlugX, Cobalt Strike, and credential dumping software.
The development marks the second time Budworm has been linked to an attack on a U.S. entity.
"A resumption of attacks against U.S.-based targets could signal a change in focus for the group."
News URL
https://thehackernews.com/2022/10/budworm-hackers-resurface-with-new.html
Related news
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Output Messenger flaw exploited as zero-day in espionage attacks (source)
- Hackers now testing ClickFix attacks against Linux targets (source)
- Hackers behind UK retail attacks now targeting US companies (source)