Security News > 2022 > October > New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19.
"Almost all operations performed by the threat actor were completed in a 'hands-on keyboard' fashion, during an interactive session with compromised machines," SentinelOne researchers Joey Chen and Amitai Ben Shushan Ehrlich said in a report this week.
WIP19 is said to share links to another group codenamed Operation Shadow Force owing to overlaps in the use of WinEggDrop-authored malware, stolen certificates, and tactical overlaps.
The findings are yet another indication of how China-aligned hacking groups are at once sprawling and fluid owing to the reuse of the malware among several threat actors.
"WIP19 is an example of the greater breadth of Chinese espionage activity experienced in critical infrastructure industries," SentineOne researchers said.
"The existence of reliable quartermasters and common developers enables a landscape of hard-to-identify threat groups that are using similar tooling, making threat clusters difficult to distinguish from the defenders point of view."
News URL
https://thehackernews.com/2022/10/new-chinese-cyberespionage-group.html