Attackers trojanize Windows Narrator tool to spy on Asian tech firms

Threat actors have been targeting Southeast Asian tech companies with an open-source backdoor that helps establish a foothold in infected machines, and a weaponized text-to-speech application that lets attackers gain SYSTEM-level access.


BlackBerry Cylance’s research and intelligence team said in a Sept. 25 blog post that attackers behind the two-year-old campaign are using the malicious tools to conduct a reconnaissance operation, the mission of which is to exfiltrate sensitive data from targets and move laterally through their systems.


The researchers also said that the threat actor has exhibited behavior that is in keeping with suspected Chinese APT group Tropic Trooper, which is known to target heavy industry companies in Taiwan and the Philippines and has used the same backdoor in other campaigns. However, open-source malware is accessible to virtually anyone, and attribution has not been confirmed.


The backdoor is a modified version of a Chinese remote access trojan called PcShare. The malicious binary features command-and-control encryption and proxy bypass capabilities, and is delivered via a customized downloader via sideloading by the le ..