China has been intensifying cyberespionage operations against Southeast Asia, as evidenced by the targeting of a Southeast Asian government by various China-linked threat actors, including Mustang Panda (also known as Stately Taurus), Gelsemium, and Alloy Taurus (also known as Granite Typhoon), The Hacker News reports.
Attacks by Mustang Panda against the Southeast Asian government lasted between the second quarter of 2021 and the third quarter of this year, with threat actors leveraging China Chopper web shells, a novel TONESHELL backdoor variant, ShadowPad, and other sophisticated tools to facilitate continuous intelligence gathering and sensitive data exfiltration efforts, a report from Palo Alto Networks Unit 42 revealed.
Separately, Gelsemium targeted the government's vulnerable Internet Information Services servers during a six-month period from 2022 to 2023 with several web shells and the SessionManager and OwlProxy backdoors.
Meanwhile, Alloy Taurus has run a six-wave attack campaign since early 2022 that exploited Microsoft Exchange Server vulnerabilities to facilitate web shell deployment and the delivery of the novel ReShell and Zapoa malware strains. Alloy Taurus also conducted credential theft activities during the attack period.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.