Threat Intelligence

Evolving attacks by the UTG-Q-015 hacking operation detailed


Attacks by the Southeast Asian hacking group UTG-Q-015 have been continuously advancing since March, when it initially deployed widespread brute-force intrusions that sought to compromise government and enterprise web servers, according to GBHackers News.

The following month, UTG-Q-015, which was found to be Chinese-speaking, shifted to exploiting n-day vulnerabilities, including CVE-2021-38647, CVE-2017-9805, and CVE-2017-12611, while also launching a watering-hole ("puddle mounting") campaign aimed at Bitcoin systems, blockchain-related websites, GitLab interfaces, and digital signature backends, a report from the Qianxin Threat Intelligence Center revealed. Organizations in the financial industry have also been subjected to a multi-stage attack in which perimeter (border) servers were breached through the abuse of an unidentified web flaw, followed by instant-messaging (IM) phishing that led to the deployment of a third-stage payload. UTG-Q-015 has also set its sights on artificial intelligence platforms running on Linux for cyberespionage. The threat posed by UTG-Q-015 should prompt the implementation of cloud-based threat detection systems, the researchers said.
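The report's first phase, widespread brute-force attempts against web servers, is the kind of activity that shows up plainly in ordinary access logs. The following is an added detection example, not code from GBHackers News or Qianxin; it parses constructed Apache/nginx-style "combined" log lines (the addresses, timestamps and paths are made up for illustration) and flags source IPs that exceed a failure threshold against a login endpoint within a sliding time window, noting whether a successful login followed the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format); not taken from the report.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2025:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [12/Mar/2025:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [12/Mar/2025:10:00:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [12/Mar/2025:10:00:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [12/Mar/2025:10:00:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.5 - - [12/Mar/2025:10:00:05 +0000] "POST /login HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.7 - - [12/Mar/2025:10:01:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2025:10:03:00 +0000] "POST /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code are all we need for this rule.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_bruteforce(lines, login_path="/login", threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after": bool}} for every source IP that
    produced at least `threshold` failed POSTs to `login_path` inside any `window`.
    `success_after` is True when a 200 response followed the last failure, which is
    the case an analyst should look at first (possible credential compromise)."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == login_path:
            events[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        fails = [r["ts"] for r in recs if r["status"] in (401, 403)]
        # Sliding window: largest number of failures falling within `window`.
        best, start = 0, 0
        for end in range(len(fails)):
            while fails[end] - fails[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            last_fail = fails[-1]
            success_after = any(r["status"] == 200 and r["ts"] >= last_fail for r in recs)
            findings[ip] = {"failures": best, "success_after": success_after}
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['failures']} failures in window, success afterwards={info['success_after']}")
```

The threshold and window are deliberately parameters: a password spray from many addresses will not trip a per-IP rule, so in practice this is one signal to combine with per-account failure counts and geo/ASN context rather than a standalone alert.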