BleepingComputer reports that the novel advanced persistent threat operation Lancefly has been targeting South and Southeast Asian government, telecommunication, and aviation entities with the advanced custom Merdoor malware over the past five years.
Intelligence gathering is believed to be Lancefly's motive in attacks with the stealthy Merdoor backdoor, which not only builds persistence, but also enables command execution and keylogging activities, according to a report from Symantec Threat Labs.
Several techniques, including phishing emails, exploitation of known vulnerabilities, and SSH credential brute-forcing, have been employed by Lancefly to deliver Merdoor, with the attackers later leveraging Impacket's Atexec functionality to spread the malware across the network.
Aside from Merdoor, Lancefly has also been using an updated ZXShell rootkit, whose loader can, among other things, deploy payloads and read and execute shellcode.
Such a tool has also been used by other Chinese APT operations, including APT41 and APT17.
SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Ukraine's Prosecutor General's Office and other departments involved in war crimes documentation have been facing mounting cyberattacks from Russian state-sponsored threat operations looking to obtain evidence regarding such crimes, a sharp contrast to the previous targeting of energy facilities, Reuters reports.