Attacks involving the newly discovered EggStreme fileless malware framework have been launched by a Chinese advanced persistent threat group against a military firm in the Philippines amid growing territorial disputes in the South China Sea, according to The Hacker News. Threat actors have commenced the multi-stage operation with the delivery of the EggStremeFuel payload that profiles the targeted system before distributing the EggStremeLoader for persistence and the eventual injection of EggStremeAgent, a report from Bitdefender revealed. Aside from obtaining drive information and achieving lateral movement, EggStremeAgent enables the retrieval of a keylogger and the EggStremeWizard auxiliary implant, which facilitates reverse shell access and file upload and download capabilities. EggStreme intrusions also involved the exploitation of the Stowaway proxy utility to further conceal illicit activity. "The threat actor demonstrates an advanced understanding of modern defensive techniques by employing a variety of tactics to evade detection," said Bitdefender researcher Bogdan Zavadovschi.
Malware, Threat Intelligence
New malware tapped by Chinese APT in Philippine military firm-targeted attack




