Threat Management

Telecoms, IT providers attacked by new Chinese APT

Share
SecurityWeek reports that telecommunications firms and IT service providers in the Middle East and Asia are being subjected to attacks by Chinese advanced persistent threat group WIP19. Numerous malware families have been used by WIP19, including SQLMaggie, ScreenCap, and a credential dumper, while malicious components have been signed by the APT using stolen certificates, a SentinelOne report showed. Examination of the group's backdoors has prompted researchers to associate some of the group's components with Chinese-speaking malware author WinEggDrop. WIP19 has also likely stolen the valid certificate it has been using to sign its malware and credential harvesting tools from DEEPSoft Co., a messaging provider in South Korea. "The intrusions we have observed involved precision targeting and were low in volume. Specific user machines were hardcoded as identifiers in the malware deployed, and the malware was not widely proliferated. Further, the targeting of telecommunications and IT service providers in the Middle East and Asia suggest the motive behind this activity is espionage-related," said SentinelOne.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.