New LOWZERO backdoor deployed by Chinese APT hackers

Chinese advanced persistent threat group TA413, also known as LuckyCat, has launched cyberattacks against Tibetan entities using the novel LOWZERO backdoor, The Hacker News reports. According to a report from Recorded Future, TA413 exploited remote code execution flaws in Microsoft Office and Sophos Firewall, tracked as CVE-2022-30190 and CVE-2022-1040 respectively, to facilitate the intrusions. "This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group's continued use of well known and reported capabilities, such as the Royal Road RTF weaponizer, and often lax infrastructure procurement tendencies," said Recorded Future. The report also noted that LOWZERO can retrieve additional modules from its command-and-control server when the attackers judge the compromised machine to be of interest. "TA413's adoption of both zero-day and recently published vulnerabilities is indicative of wider trends with Chinese cyber-espionage groups whereby exploits regularly appear in use by multiple distinct Chinese activity groups prior to their widespread public availability," researchers added.