June 21, 2024 at 10:45AM
SneakyChef, a Chinese-speaking threat actor, has conducted an espionage campaign against government agencies in Asia and EMEA since August 2023. The group has used the SugarGh0st malware and a newly identified remote access trojan codenamed SpiceRAT, employing several infection chains and techniques and expanding its targeting to countries including Angola, India, Latvia, Saudi Arabia, and Turkmenistan.
Key Takeaways from the meeting notes on Jun 21, 2024:
1. A newly identified threat actor, SneakyChef, has been linked to espionage campaigns using the SugarGh0st malware, primarily targeting government entities across Asia and EMEA.
2. The group has used lures referencing Ministries of Foreign Affairs and embassies, and has primarily targeted government organizations.
3. Various countries, including South Korea, Uzbekistan, U.S., Angola, India, Latvia, Saudi Arabia, and Turkmenistan, have been targeted in this campaign.
4. The attacks utilized spear-phishing campaigns, employing Windows Shortcut (LNK) files and RAR archives to deliver the malware.
5. A second trojan, SpiceRAT, has been observed being delivered through two different infection chains that rely on DLL side-loading techniques.
6. The attackers have been observed with advanced capabilities, including downloading and executing arbitrary commands on compromised hosts, which significantly increases the attack surface.
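The two delivery techniques listed above, LNK files delivered inside archives and DLL side-loading, both leave traces in endpoint telemetry that a defender can look for. The following is an added example, not code or indicators from the report the notes summarize: two heuristic detection rules run over constructed, Sysmon-style process-creation and image-load events. The event layout, the interpreter list, the directory markers and the sample events are all assumptions made for illustration.

```python
"""Heuristic detection of two delivery techniques over constructed endpoint events.

Added example. The Event fields mirror Sysmon's ProcessCreate / ImageLoad records
loosely; the interpreter list, directory markers and sample events are assumptions
for illustration, not indicators from any report.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass
class Event:
    kind: str                 # "process_create" or "image_load"
    image: str                # full path of the process image
    parent_image: str = ""    # process_create: parent process image
    command_line: str = ""    # process_create: full command line
    loaded: str = ""          # image_load: full path of the DLL that was loaded


# Interpreters an LNK target commonly hands control to (heuristic list, an assumption).
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
# Locations where archive contents are typically extracted or downloaded to (assumption).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\")
# Directories in which a DLL loaded by an installed program is expected to live.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64",
               "c:\\program files", "c:\\program files (x86)")


def _under(path_dir: str, root: str) -> bool:
    """True if the lower-cased directory path_dir is root or lies beneath it."""
    return path_dir == root or path_dir.startswith(root + "\\")


def lnk_from_archive(ev: Event) -> bool:
    """explorer.exe (which resolves a double-clicked LNK) spawns a command
    interpreter whose command line points into a temp or download folder,
    the usual landing place for an extracted archive."""
    if ev.kind != "process_create":
        return False
    if PureWindowsPath(ev.parent_image).name.lower() != "explorer.exe":
        return False
    if PureWindowsPath(ev.image).name.lower() not in INTERPRETERS:
        return False
    cmd = ev.command_line.lower()
    return any(marker in cmd for marker in TEMP_MARKERS)


def dll_sideload(ev: Event) -> bool:
    """A DLL is loaded from the executable's own directory while that directory
    is outside the system and program-files locations: the shape of a
    side-loading pair dropped together into a user-writable folder."""
    if ev.kind != "image_load" or not ev.loaded:
        return False
    exe_dir = str(PureWindowsPath(ev.image).parent).lower()
    dll_dir = str(PureWindowsPath(ev.loaded).parent).lower()
    if exe_dir != dll_dir:
        return False
    return not any(_under(exe_dir, root) for root in SYSTEM_DIRS)


def scan(events):
    """Return (rule_name, path) for every event a heuristic fires on."""
    hits = []
    for ev in events:
        if lnk_from_archive(ev):
            hits.append(("lnk_from_archive", ev.image))
        if dll_sideload(ev):
            hits.append(("dll_sideload", ev.loaded))
    return hits


# Constructed sample telemetry: one benign and one suspicious case per rule.
SAMPLE_EVENTS = [
    Event("process_create", r"C:\Windows\System32\cmd.exe",
          parent_image=r"C:\Windows\explorer.exe",
          command_line=r'cmd.exe /c "C:\Users\alice\AppData\Local\Temp\invite\run.bat"'),
    Event("process_create", r"C:\Windows\System32\notepad.exe",
          parent_image=r"C:\Windows\explorer.exe",
          command_line=r"notepad.exe C:\Users\alice\Documents\notes.txt"),
    Event("image_load", r"C:\Users\alice\AppData\Local\Temp\invite\viewer.exe",
          loaded=r"C:\Users\alice\AppData\Local\Temp\invite\helper.dll"),
    Event("image_load", r"C:\Program Files\Vendor\app.exe",
          loaded=r"C:\Program Files\Vendor\plugin.dll"),
    Event("image_load", r"C:\Users\alice\AppData\Local\Temp\invite\viewer.exe",
          loaded=r"C:\Windows\System32\kernel32.dll"),
]

if __name__ == "__main__":
    for rule, path in scan(SAMPLE_EVENTS):
        print(f"{rule}: {path}")
```

Both rules are hunting heuristics rather than high-fidelity signatures: portable applications and installers legitimately load DLLs from their own folder under a user profile, so in practice the side-loading rule is tuned with an allowlist of known executables or signer checks, and the LNK rule is usually corroborated with the archive handler's recent file activity.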