Security News > 2022 > October > Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization
An advanced persistent threat actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research.
The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.
Budworm, also called APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor that's believed to operate on behalf of China through attacks that leverage a mix of custom and openly available tools to exfiltrate information of interest.
The latest set of attacks are no different, with the threat actor leveraging Log4Shell flaws to compromise servers and install web shells, ultimately paving the way for the deployment of HyperBro, PlugX, Cobalt Strike, and credential dumping software.
The development marks the second time Budworm has been linked to an attack on a U.S. entity.
"A resumption of attacks against U.S.-based targets could signal a change in focus for the group."
News URL
https://thehackernews.com/2022/10/budworm-hackers-resurface-with-new.html
Related news
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)