Chinese state-sponsored advanced persistent threat group Cicada, also known as APT10, Bronze Riverside, Stone Panda, Potassium, or MenuPass Team, has expanded its attacks against government, religious, legal, and non-governmental organizations in North America, Europe, Asia, and other parts of the world from the middle of last year until this February, according to The Hacker News.
Cicada has focused particularly on government entities and NGOs and has mostly targeted organizations in the US, Canada, Hong Kong, Turkey, and Israel, a Symantec Threat Hunter Team report showed. "There are also some victims in the telecoms, legal, and pharmaceutical sectors, but governmental and non-profit organizations appeared to have been the main focus in this campaign," said Symantec Threat Hunter Team Senior Information Developer Brigid Gorman. Cicada has been observed using the SodaMaster backdoor, the Mimikatz credential-dumping tool, WMIExec, NBTScan, and VLC Media Player. "This campaign with victims in such a large number of sectors appears to show the group is now interested in a wider variety of targets," Gorman added.