Organizations across Japan have been subjected to attacks by Chinese state-sponsored threat operation Cuckoo Spear involving the LODEINFO and NOOPDOOR backdoors, reports The Hacker News.
Cuckoo Spear has been linked with APT10, also known as Stone Panda, Cicada, Bronze Riverside, ChessMaster, Cloudhopper, MirrorFace, and Purple Typhoon. According to a Cybereason report, its attacks may have used LODEINFO as an initial payload; the backdoor allows file theft, arbitrary shellcode execution, keystroke logging, process termination, and screenshot capturing. NOOPDOOR, which resembles the ANEL Loader backdoor also used by APT10, may have been leveraged by threat actors as a secondary payload enabling further program execution to maintain persistence and evade detection in compromised systems for over two years, researchers reported. The findings follow a Trend Micro report describing APT10 operations as divided into the Earth Tengshe and Earth Kasha clusters, with the latter alone associated with the use of LODEINFO and NOOPDOOR.