Chinese threat actor targets Nepal, the Philippines, and Taiwan. New malware delivery technique. New Trojan can livestream victim’s screen.


At a glance.

  • Chinese threat actor targets Nepal, the Philippines, and Taiwan.
  • SideCopy goes after Indian entities.
  • New malware delivery technique.
  • New Trojan can livestream victim’s screen.

Chinese threat actor targets Nepal, the Philippines, and Taiwan.

Recorded Future’s Insikt Group is tracking a suspected Chinese government threat actor that’s “targeting telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and more historically, Hong Kong.” Specifically, the campaign targeted the Industrial Technology Research Institute (ITRI) in Taiwan, Nepal Telecom, and the Department of Information and Communications Technology in the Philippines. The researchers emphasize the significance of targeting the ITRI:

“In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms. According to the ITRI’s website, the organization is particularly focused on research and development projects related to smart living, quality health, sustainable environment, and technology, many of which map to development priorities under China’s 14th 5-year plan, previously highlighted by Insikt Group as likely areas of future Chinese economic espionage efforts. In recent years, Chinese groups have targeted multiple organizations across Taiwan’s semiconductor industry to obtain source code, software development kits, and chip designs.”

SideCopy goes after Indian entities.

Cisco Talos is watching a campaign by the SideCopy APT targeting Indian government personnel. The threat actor, whose activity resembles that of Transparent Tribe (APT36), has incorporated new custom and commodity malware into its operations:

“Cisco Talos has observed an expansion in the activity of SideCopy malware campaigns, targeting entities in India. In the past, the attackers have used malicious LNK files and documents to distribute their staple C#-based RAT. We are calling this malware “CetaRAT.” SideCopy also relies heavily on the use of Allakore RAT, a publicly available Delphi-based RAT.”

“Recent activity from the group, however, signals a boost in…

Source…