Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization
An advanced persistent threat actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to the latest research.
The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.
Budworm, also called APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor that's believed to operate on behalf of China through attacks that leverage a mix of custom and openly available tools to exfiltrate information of interest.
The latest set of attacks is no different, with the threat actor leveraging Log4Shell flaws to compromise servers and install web shells, ultimately paving the way for the deployment of HyperBro, PlugX, Cobalt Strike, and credential dumping software.
The development marks the second time Budworm has been linked to an attack on a U.S. entity.
"A resumption of attacks against U.S.-based targets could signal a change in focus for the group."
News URL
https://thehackernews.com/2022/10/budworm-hackers-resurface-with-new.html