‘SneakyChef’ APT Slices Up Foreign Affairs With SugarGh0st

June 21, 2024 at 04:51PM Chinese APT group “SneakyChef” has been engaging in government cyberespionage across various countries, using the SugarGh0st RAT and lately the SpiceRAT. Targeting ministries and embassies, they employ SFX RAR files to deliver malware and decoy documents. Their tactics aim to gather data and establish footholds for future, more sophisticated attacks. …

Chinese ‘ORB’ Networks Conceal APTs, Render Static IoCs Irrelevant

May 22, 2024 at 10:04AM Chinese threat actors have advanced anti-analysis techniques using operational relay box networks (ORBs) comprised of virtual private servers and compromised devices. Mandiant reports an increase in their use, prompting defenders to reevaluate traditional threat monitoring methods. ORBs are maintained by private companies or the Chinese government and consist of five …

Chinese Cyberspies Use New Malware in Ivanti VPN Attacks

February 28, 2024 at 07:45AM Mandiant reports that Chinese threat actors have exploited recent Ivanti Connect Secure VPN vulnerabilities, deploying new malware for persistence. Despite patches, attackers continued exploiting a vulnerability, deploying new malware families and demonstrating a nuanced understanding of the appliance to persistently execute backdoors. The threat actor, UNC5325, has been observed exploiting …

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

December 1, 2023 at 06:24AM A Chinese-speaking cyberespionage group has launched a campaign using SugarGh0st RAT to target Uzbekistan’s Foreign Affairs Ministry and South Korean individuals. The malware, delivered via phishing emails with malicious attachments, allows remote control and has been active since August 2023. Connections to Chinese hackers are suggested by the RAT’s traits and …