Hacking group builds new Ketrum malware from recycled backdoors

The Ke3chang hacking group, historically believed to be operating out of China, has developed new malware dubbed Ketrum by merging features and source code from its older Ketrican and Okrum backdoors.


The cyber-espionage activities of the Ke3chang advanced persistent threat (APT) group (also tracked as APT15, Vixen Panda, Playful Dragon, and Royal APT) go back as far as 2010, according to FireEye researchers.


Ke3chang's operations target a wide range of military and oil industry entities, as well as government contractors and European diplomatic missions and organizations.


New malware with old features


A new report from Intezer researchers shows how they discovered three Ketrum backdoor samples this month on the VirusTotal platform and attributed them to the Chinese cyberspies after noticing that the samples reused both code and features from Ke3chang's Ketrican and Okrum backdoors.


The Ketrum samples they analyzed showed that the hacking group hasn't deviated from its previously documented Tactics, Techniques, and Procedures (TTPs).


The new backdoor still follows the same principle: it provides a basic backdoor that Ke3chang operators can use to take control of a targeted device, connect to it from a remote server, and manually carry out the remaining steps of the operation.


As they further found, the malware connected to a China-based command and control (C2) server that ceased operating in mid-May, after the Ketrum samples were spotted.


A feature comparison between the older Ketrican and Okrum backdoors and ..
