SecurityWeek reports that telecommunications firms and IT service providers in the Middle East and Asia are being subjected to attacks by Chinese advanced persistent threat group WIP19.
WIP19 has used numerous malware families, including SQLMaggie, ScreenCap, and a credential dumper, and has signed malicious components with stolen certificates, a SentinelOne report showed.
Examination of the group's backdoors has prompted researchers to associate some of its components with Chinese-speaking malware author WinEggDrop. WIP19 also appears to have stolen the valid code-signing certificate it has been using to sign its malware and credential-harvesting tools from DEEPSoft Co., a messaging provider in South Korea.
"The intrusions we have observed involved precision targeting and were low in volume. Specific user machines were hardcoded as identifiers in the malware deployed, and the malware was not widely proliferated. Further, the targeting of telecommunications and IT service providers in the Middle East and Asia suggests the motive behind this activity is espionage-related," said SentinelOne.
Hamas spokesperson Hudhayfa Samir Abdallah al-Kahlut, also known as "Abu Ubaida," has been sanctioned by the U.S. Treasury Department for his leadership of the group's cyber influence operations, reports The Record, a news site by cybersecurity firm Recorded Future.
TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Serpens, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.