Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

2023-08-22 10:12

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia.

The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called EsafeNet Cobra DocGuard Client to deliver a known backdoor called PlugX on victim networks.

"In the course of this attack, the attackers used malware signed with a legitimate Microsoft certificate," the company said in a report shared with The Hacker News.

The use of Cobra DocGuard Client to pull off a supply chain attack was previously highlighted by ESET in its quarterly Threat Report this year, detailing a September 2022 intrusion in which an unnamed gambling company in Hong Kong was compromised via a malicious update pushed by the software.

The attack, linked to a Chinese threat actor named Lucky Mouse, ultimately led to deployment of PlugX. However, the latest campaign spotted by Symantec in April 2023 exhibits little commonalities to conclusively tie it to the same actor.

"The malicious software was delivered to the following location on infected computers, which is what indicates that a supply chain attack or malicious configuration involving Cobra DocGuard is how the attackers compromised affected computers: 'csidl system driveprogram filesesafenetcobra docguard clientupdate,'" Syamtec said.

News URL

https://thehackernews.com/2023/08/carderbee-attacks-hong-kong.html

#attack #hongkong