Critical Infrastructure Security, Threat Management

US state legislature, others targeted by Chinese-linked hacking operation

Chinese-linked cyberespionage operation Budworm, also known as APT27, Bronze Union, Temp.Hippo, Emissary Panda, and Lucky Mouse, has attacked an unnamed U.S. state legislature, a multinational electronics firm, and a Middle Eastern government in the past six months, reports CyberScoop. Budworm's attack on the state legislature is the group's first U.S.-targeted attack in years, a report from the Symantec Threat Hunter Team revealed. The findings showed that the most recent attacks involved the exploitation of two Log4j flaws to facilitate the installation of web shells, a HyperBro malware strain, and the Korplug/PlugX remote access trojan. While the legislature has been compromised through its network, the attack's overall impact is yet to be determined, according to Symantec Threat Hunter Team Principal Intelligence Analyst Dick O'Brien. "Budworm is known for mounting ambitious attacks against high-value targets. While there were frequent reports of Budworm targeting U.S. organizations six to eight years ago, in more recent years the group's activity appears to have been largely focused on Asia, the Middle East, and Europe... A resumption of attacks against U.S.-based targets could signal a change in focus for the group," said researchers.
