Security News > 2023 > June > Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023.

The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican.

"Flea used a large number of tools in this campaign," the company said in a report shared with The Hacker News, describing the threat actor as "Large and well-resourced." "As well as the new Graphican backdoor, the attackers leveraged a variety of living-off-the-land tools, as well as tools that have been previously linked to Flea.".

Graphican is said to be an evolution of a known Flea backdoor called Ketrican, features from which have since been merged with another implant known as Okrum to spawn a new malware dubbed Ketrum.

"The use of a new backdoor by Flea shows that this group, despite its long years of operation, continues to actively develop new tools," Symantec said.

"The similarities in functionality between Graphican and the known Ketrican backdoor may indicate that the group is not very concerned about having activity attributed to it."

News URL

https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html