Cyberspies drop new infostealer malware on govt networks in Asia

This cyberespionage activity is carried out by a distinct threat group previously associated with the ‘ShadowPad’ RAT. The most recent campaign appears to be almost entirely focused on Asian governments. Chinese hackers are most likely behind these espionage campaigns, but the evidence is not credible enough to draw a definite conclusion.

Security researchers have discovered new cyberespionage activity targeting Asian governments, along with state-owned aerospace and defence companies, telecom companies, and IT organisations.

This activity is carried out by a distinct threat group previously associated with the ‘ShadowPad’ RAT (remote access trojan). Recently, the threat actor has used a much broader set of tools. The most recent campaign appears almost entirely focused on Asian governments or public entities, such as the head of government/Prime Minister’s office, government-owned aerospace and defence companies, state-owned media companies, etc.

Chinese hackers are most likely behind these espionage campaigns, but the evidence is not credible enough to draw a definite conclusion.