A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware.
Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle — that have not previously been publicly reported (or were only minimally reported) and have been operating as far back as 2015. Moreover, the cybersecurity firm says these malware programs are connected via shared code, C2 infrastructure and signing certificates to a previously known quartet of Android surveillance tools, called HenBox, PluginPhantom, Spywaller and DarthPusher.
Lookout pins the APT activity on the reputed Chinese APT actor known as APT15, Ke3chang — also referred to as GREF, Mirage, Vixen Panda and Playful Dragon.
The APT operation reportedly has been running campaigns as far back as 2013, with the primarily goal to connect and exfiltrate personal user information in an attempt to keep tabs on Uyghurs, a Turkic-speaking ethnic group that is native to the Xinji ..
Support the originator by clicking the read the rest link below.
