
Novel backdoor targets ASEAN governments, organizations

Governments and other entities that are part of the Association of Southeast Asian Nations had their x86 systems targeted with the novel BLOODALCHEMY backdoor, part of the REF5961 intrusion set used by a China-linked threat operation, reports The Register. BLOODALCHEMY supports only a few commands: writing or overwriting the malware toolset, deploying the malware binary, collecting host information, and uninstalling the backdoor, according to an Elastic Security Labs report. "While unconfirmed, the presence of so few effective commands indicates that the malware may be a subfeature of a larger intrusion set or malware package, still in development, or an extremely focused piece of malware for a specific tactical usage," said researchers. A separate Elastic report noted that the REF5961 toolset includes the EAGERBEE, DOWNTOWN, and RUDEBIRD malware families, all of which were also present in the REF2924 intrusion set used in previous attacks against ASEAN members. Both DOWNTOWN and RUDEBIRD were found to contain debugging frameworks like BLOODALCHEMY's, suggesting continuous development.
