State-sponsored Chinese hackers have been targeting Southeast Asia since 2013

Researchers have revealed a previously undocumented threat actor of Chinese origin that has run at least six different cyber espionage campaigns in the Southeast Asian region since 2013.


The findings — disclosed by Palo Alto Networks’ threat intelligence team Unit 42 — linked the attacks to a group (or groups) it called PKPLUG, named after its tactic of delivering PlugX malware inside ZIP files, which are identified with the signature “PK.”

The ambiguity in its attribution is because “our current visibility doesn’t allow us to determine with high confidence if this is the work of one group, or more than one group which uses the same tools and has the same tasking,” Unit 42 said.


PKPLUG has been found to install backdoor Trojan implants on victim systems, including mobile devices, for tracking and gathering information, although their ultimate motives are as yet unclear.


Their main targets include Myanmar, Taiwan, Vietnam, and Indonesia, along with Mongolia, Tibet, and Xinjiang, all three of which are known for their contentious relations with China. Xinjiang province, in particular, is home to the country’s Uyghur Muslim minority, a populace that has been the subject of persecution and heightened surveillance in recent years.


“This group (or groups) has a long history and series of creating custom tools which implies they are persistent, and well-resourced,” Unit 42’s Alex Hinchliffe told TNW. “For example, the creation and use of a custom Android malware […] may indicate th ..