Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

March 27, 2024 at 01:15AM

China-linked APT groups have targeted ASEAN member countries in a cyber espionage campaign. Mustang Panda used phishing emails and malware to attack entities during the ASEAN-Australia Special Summit. Trend Micro also uncovered a new threat actor called Earth Krahang targeting 116 entities across 35 countries. Leaked documents from I-Soon revealed its sale of cyber tools to Chinese government entities.

The key takeaways are:

1. Multiple China-linked advanced persistent threat (APT) groups have been targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) in a cyber espionage campaign over the past three months.

2. One of the threat actors, Mustang Panda (aka Camaro Dragon, Earth Preta, and Stately Taurus), has targeted entities in Myanmar, the Philippines, Japan, and Singapore using phishing emails to deliver two malware packages, including a variant of the PlugX backdoor.

3. Earth Krahang, a new Chinese threat actor, has targeted 116 entities spanning 35 countries, using spear-phishing and exploiting flaws in public-facing Openfire and Oracle servers to deliver bespoke malware.

4. A leaked set of documents from the Chinese government contractor I-Soon revealed its involvement in selling stealers and remote access trojans to multiple Chinese government entities, shedding light on China’s cyber espionage ecosystem.

5. The leak also provided insights into how China outsources parts of its cyber operations to private third-party companies, and the use of vulnerability disclosure requirements to stockpile and weaponize vulnerabilities.

These takeaways highlight the persistent and evolving nature of cyber threats originating from China, with a focus on Southeast Asia and broader international targets.