New Campaign by China-Linked Group Targets US Orgs for First Time

In at least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.

Researchers from Symantec have uncovered a new cyber espionage campaign by a likely China-based advanced persistent threat (APT) group called Palmerworm. The group is targeting organizations in multiple countries including, for the first time, the US.


Palmerworm has been using a collection of new malware, including payloads signed with stolen code-signing certificates, in the latest campaign, which Symantec estimated was launched in August 2019.


In a report this week, the security vendor said it had identified at least five victims of the new campaign so far. The victim list comprises three companies in the media, electronics, and finance sectors in Taiwan; a construction firm in China; and an engineering company in Japan. In some of these intrusions, the threat group remained active on the victim network for a whole year.


Symantec said it had also observed Palmerworm activity on some victim networks in the US recently, but it was not able to identify the organizations or industry sectors to which they belonged.


"Based on our visibility and data, this is the first time we have seen Palmerworm target the US," says Jon DiMaggio, cyber threat analyst at Symantec, a division of Broadcom. In at least one instance, the threat actors were able to remain undetected on a compromised system for nearly six months, Symantec said.


Palmerworm has traditionally targeted organizations located in Asia. So the attacks in the US represent a shift in the group's focus and are likely a trend that will continue, DiMaggio says.


After a few years of ..
