Telecoms, IT providers attacked by new Chinese APT
SecurityWeek reports that telecommunications firms and IT service providers in the Middle East and Asia are being subjected to attacks by Chinese advanced persistent threat group WIP19.
According to a SentinelOne report, WIP19 has used numerous malware families, including SQLMaggie, ScreenCap, and a credential dumper, and has signed its malicious components with stolen code-signing certificates.
Examination of the group's backdoors has prompted researchers to associate some of the group's components with Chinese-speaking malware author WinEggDrop. The valid certificate WIP19 has been using to sign its malware and credential-harvesting tools was likely stolen from DEEPSoft Co., a messaging provider in South Korea.
"The intrusions we have observed involved precision targeting and were low in volume. Specific user machines were hardcoded as identifiers in the malware deployed, and the malware was not widely proliferated. Further, the targeting of telecommunications and IT service providers in the Middle East and Asia suggests the motive behind this activity is espionage-related," said SentinelOne.