An advanced persistent threat (APT) actor known as Budworm has targeted a US-based entity for the first time in more than six years, according to the latest research.
The attack targeted an unnamed US state legislature, the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News.
Other “strategically significant” intrusions over the past six months have targeted the government of a Middle Eastern country, a multinational electronics manufacturer and a hospital in Southeast Asia.
Budworm, also known as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor operating on behalf of China that uses a combination of custom and publicly available tools in its attacks to gather information of interest.
“Bronze Union maintains a high degree of operational flexibility to adapt to the environments in which it operates,” notes Secureworks in its profile of the nation-state group, pointing to its ability to “maintain access to sensitive systems for an extended period of time.”
A prominent backdoor attributed to the adversarial collective is HyperBro, which has been in use since at least 2013 and is under continuous development. Its other tools include PlugX, SysUpdate, and the China Chopper web shell.
The latest attacks are no different, with the attackers exploiting the Log4Shell vulnerability to compromise servers and install web shells, eventually paving the way for the deployment of HyperBro, PlugX, Cobalt Strike, and credential-dumping software.
This development marks the second time Budworm has been implicated in an attack on a US entity. Earlier this month, the US government revealed that multiple nation-state hacking groups had compromised a defense organization by using a ProxyLogon vulnerability in Microsoft Exchange Server to drop China Chopper and HyperBro.
In recent years, the group’s activity seems to have been mainly focused on Asia, the Middle East and Europe, the researchers said. “The resumption of strikes against US targets could signal a shift in focus for the group.”