Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

October 21, 2024 at 10:02AM APT41, a Chinese state-sponsored cyber actor, conducted a sophisticated nine-month attack on the gambling and gaming industry, stealthily gathering sensitive data and evading detection by adapting strategies. Utilizing custom malware and exploiting credentials, they established persistence in the compromised network, targeting devices specifically within a designated VPN subnet. …

China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs

September 22, 2024 at 09:10PM A China-linked cyber-espionage group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group primarily uses spear-phishing and a custom backdoor called EagleDoor, as well as exploiting a vulnerability in the open source GeoServer software. The majority of the group’s …

Chinese Tag Team APTs Keep Stealing Asian Gov’t Secrets

September 10, 2024 at 06:06AM A trio of threat clusters linked to the People’s Republic of China have breached a dozen new targets, including a Southeast Asian government organization. Operation Crimson Palace utilizes a team-based approach for cyber heists, with three independent clusters handling various stages of the attack chain, demonstrating persistence and adaptability in …

Multiple Chinese APTs Targeted Southeast Asian Government for Two Years

June 6, 2024 at 07:42AM Multiple China-linked state-sponsored cyberespionage groups, tracked together as Operation Crimson Palace, targeted a Southeast Asian government for years. They utilized various tools, including a new malware named PocoProxy, for reconnaissance and data harvesting. Sophos identified three clusters of activity, suggesting a coordinated campaign under a central authority to support Chinese state …

Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org

June 5, 2024 at 06:40AM A new Sophos report reveals the extensive collaboration and sophistication of “Operation Crimson Palace,” an attack by three Chinese state-aligned threat clusters targeting a Southeast Asian government organization. Their teamwork involved advanced malware tools and evasion techniques, allowing them to steal sensitive military and political secrets. The report avoids specific …