Security researchers have discovered new cyber-espionage activity targeting government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations.
The threat actor behind this recent activity is a group previously associated with the “ShadowPad” RAT (remote access trojan). In the most recent activity, the group has launched a much more sophisticated attack.
A report by Symantec’s Threat Hunter team, which provides details on the activity, says these intelligence-stealing attacks have been underway since early 2021 and are still ongoing.
The current campaign appears to be almost entirely focused on heads of government, government financial institutions, government-owned aerospace and defense companies, state-owned telecom companies, IT organizations, and media companies.
The threat actors carry out the attack by implanting a malicious DLL that is side-loaded when the executable of a legitimate application is launched; the side-loaded DLL then loads a .dat file.
The tools employed by the threat actors are capable of keylogging, taking screenshots, downloading files, connecting to databases and running SQL queries, and code injection, among other functions.
To protect your systems from such sophisticated attacks, keep all software up to date to prevent cybercriminals from exploiting known vulnerabilities.