Threat Management, Vulnerability Management

Asian certificate authority, government agencies targeted by Chinese APT

SecurityWeek reports that Chinese advanced persistent threat group Billbug, also known as Lotus Blossom and Thrip, has launched attacks since March that have compromised a certificate authority, government entity, and defense agencies in Asia. "The targeting of a certificate authority is notable, as if the attackers were able to successfully compromise it to access certificates they could potentially use them to sign malware with a valid certificate, and help it avoid detection on victim machines. It could also potentially use compromised certificates to intercept HTTPS traffic," said Symantec in its report. However, Symantec noted the lack of evidence indicating successful compromise of digital certificates. Billbug has leveraged various public tools in its attacks, including AdFind, Winmail, WinRAR, Ping, Port Scanner, Stowaway Proxy Tool, NBTscan, Certutil, and Tracert, as well as the Sagerunex and Hannotog malware strains. "The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," Symantec added.
