New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia

August 19, 2024 at 09:15AM

Cyberint Research Team discovered a new malware, UULoader, being used by threat actors to deliver Gh0st RAT and Mimikatz. It’s distributed through malicious installers targeting Korean and Chinese speakers. Additionally, threat actors are using cryptocurrency-themed lure sites for phishing attacks and leveraging popular AI platforms for malicious activities, prompting a …

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

July 29, 2024 at 02:18AM

The Gh0st RAT is being delivered to Chinese-speaking Windows users by the Gh0stGambit evasive dropper through a drive-by download scheme. The infection originates from a fake website masquerading as Google’s Chrome browser. The malware is capable of various malicious activities, and the distribution via drive-by downloads highlights the need for …

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

June 14, 2024 at 08:43AM

The blog entry analyzes the Noodle RAT backdoor, indicating it is used by Chinese-speaking groups involved in espionage and cybercrime. It covers the history, functionalities, communication protocols, and similarities to other malware such as Gh0st RAT and Rekoobe. The potential server-side components of Noodle RAT were also disclosed. For more …

New Cross-Platform Malware ‘Noodle RAT’ Targets Windows and Linux Systems

June 13, 2024 at 02:42AM

Chinese-speaking threat actors have utilized a new cross-platform malware, Noodle RAT, for espionage or cybercrime since at least July 2016. This previously undocumented backdoor is distinct from existing malware, with both Windows and Linux versions. Analysis suggests it’s shared among Chinese-speaking groups and likely sold commercially within China’s cyber espionage …

New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts

May 23, 2024 at 10:45AM

Sharp Panda, a China-linked threat actor, has broadened its scope to target government organizations in Africa and the Caribbean, utilizing Cobalt Strike Beacon to execute cyber espionage and displaying a sophisticated understanding of its targets. This expansion aligns with China’s strategic efforts to extend influence, as seen in the wider …

Newly Detected Chinese Group Targeting Military, Government Entities

May 23, 2024 at 07:22AM

A Chinese threat group known as Unfading Sea Haze has been targeting military and government entities in the South China Sea for over six years, utilizing sophisticated tools and tactics including spear-phishing, backdoors, and commercially available remote monitoring and management tools. The group’s activities align with Beijing’s interests, indicating potential …

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

May 22, 2024 at 11:19AM

Cybersecurity researchers uncovered a new threat group called Unfading Sea Haze, targeting high-level organizations in South China Sea countries. The attackers have ties to Chinese interests, utilize various malware and persistence techniques, and engage in manual data exfiltration, suggesting a focused espionage campaign. The group’s sophisticated arsenal and tactics aim …

Chinese hackers hide on military and govt networks for 6 years

May 22, 2024 at 09:32AM

“Unfading Sea Haze,” a previously unknown threat actor, is targeting military and government entities in the South China Sea region, displaying alignment with Chinese geo-political interests. Their attacks involve abusing MSBuild for fileless malware and deploying various tools such as custom keyloggers and info-stealers. To counter these attacks, organizations require …

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

December 1, 2023 at 06:24AM

A Chinese-speaking cyberespionage group has launched a campaign using SugarGh0st RAT to target Uzbekistan’s Foreign Affairs Ministry and South Korean individuals. The malware, delivered via phishing emails with malicious attachments, allows remote control and has been active since August 2023. Connections to Chinese hackers are suggested by RAT’s traits and …

A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets

November 30, 2023 at 04:08PM

A modified “Gh0st RAT” malware, called “SugarGh0st,” has been targeting South Koreans and Uzbekistan’s Ministry of Foreign Affairs. Distributed via phishing with decoy documents, the updated malware evades detection and allows remote access, data theft, and system manipulation. Originating from March 2008, Gh0st RAT remains effective due to its adaptability …