Cyberspies drop new infostealer malware on govt networks in Asia
This cyberespionage activity is carried out by a distinct threat group previously associated with the ‘ShadowPad’ RAT. The most current campaign appears to be almost entirely focused on Asian governments. Chinese hackers are most likely behind these espionage campaigns, but the evidence is not credible enough to make a certain conclusion.
Security researchers have discovered a new cyberespionage activity targeting Asian governments, along with state-owned aerospace and defence companies, telecom companies, and IT organisations.
This activity is carried out by a distinct threat group previously associated with the ‘ShadowPad’ RAT (remote access trojan). Recently, the threat actor has used a much broader set of tools. The most current campaign appears almost entirely focused on Asian governments or public entities, such as the head of government/Prime Minister’s office, government-owned aerospace and defence companies, state-owned media companies, etc.
Chinese hackers are most likely behind these espionage campaigns, but the evidence is not credible enough to make a certain conclusion.