Between February and May, numerous biomedical, IT, and manufacturing entities in the U.S., Taiwan, Vietnam, and an unspecified island in the Pacific were subjected to cyberespionage attacks by the newly discovered state-sponsored threat operation Grayling, according to The Record, a news site by cybersecurity firm Recorded Future.
Grayling's attacks combined the open-source Havoc framework, used to deploy additional payloads, with the NetSpy spyware and the exploitation of the Windows flaw tracked as CVE-2019-0803, after initial access was achieved by targeting publicly exposed infrastructure, a report from Symantec revealed.
"The use of custom techniques combined with publicly available tools is typical of the activity we see from APT groups these days, with threat actors often using publicly available or living-off-the-land tools in attempts to bypass security software and help their activity stay under the radar of defenders," said researchers, who suspected that Grayling may operate from a region with a strong interest in Taiwan, given the campaign's intense targeting of Taiwanese firms.