Chinese 'Spyder Loader' Malware Spotted Targeting Organizations in Hong Kong
2022-10-18 10:11

The China-aligned, espionage-focused actor known as Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees.

Active since at least 2007, Winnti is the name given to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing intellectual property from organizations in developed economies.

The latest activity, according to the Symantec Threat Hunter team, part of Broadcom Software, is a continuation of the proprietary data theft campaign, but with a focus on Hong Kong.

The attackers remained active on some of the compromised networks for as long as a year, the company said in a report shared with The Hacker News, adding that the intrusions paved the way for the deployment of a malware loader called Spyder, which first came to light in March 2021.

"The fact that this campaign has been ongoing for several years, with different variants of the Spyder Loader malware deployed in that time, indicates that the actors behind this activity are persistent and focused adversaries, with the ability to carry out stealthy operations on victim networks over a long period of time," Symantec said.

As a further sign of Winnti's sophistication, Malwarebytes uncovered a separate set of attacks targeting government entities in Sri Lanka in early August with a new backdoor referred to as DBoxAgent that leverages Dropbox for command-and-control.


News URL

https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html