October 16, 2023 at 11:23AM
Security researchers have discovered a backdoor called “BLOODALCHEMY” that targets x86 systems and is being used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN). The backdoor is part of the REF5961 intrusion set, which is believed to be linked to a group with ties to China. BLOODALCHEMY is still a work in progress, with limited capabilities. It is suspected to be a subfeature of a larger intrusion set or malware package. The REF5961 intrusion set also includes three new malware families known as EAGERBEE, RUDEBIRD, and DOWNTOWN.
Summary:
Security researchers at Elastic Security Labs have discovered a backdoor called “BLOODALCHEMY” that has been used in attacks against governments and organizations in the Association of Southeast Asian Nations (ASEAN). The backdoor is part of the REF5961 intrusion set, believed to be linked to a group with ties to China. BLOODALCHEMY is still a work in progress, with limited capabilities, and is considered a subfeature of a larger intrusion set. The backdoor achieves persistence on target machines by copying itself into various persistence folders. Researchers believe that the operators of REF5961 are state-sponsored and engaged in espionage-motivated activities. The intrusion set includes three malware families named EAGERBEE, RUDEBIRD, and DOWNTOWN, with evidence of code and tool sharing between them. All three malware families, including BLOODALCHEMY, still have debugging frameworks, indicating ongoing development by the operators.
(Note: This summary provides a condensed version of the meeting notes.)