Thrip: Ambitious Attacks Against High Level Targets Continue


Security Response Attack Investigation Team



Since Symantec first exposed the Thrip group in 2018, the stealthy China-based espionage group has continued to mount attacks in South East Asia, hitting military organizations, satellite communications operators, and a diverse range of other targets in the region.
Many of its recent attacks have involved a previously unseen backdoor known as Hannotog (Backdoor.Hannotog) and another backdoor known as Sagerunex (Backdoor.Sagerunex). Analysis of the latter has revealed close links to another long-established espionage group called Billbug (aka Lotus Blossom). In all likelihood, Thrip and Billbug now appear to be one and the same.


Ambitious targets
Since we last published on Thrip in June 2018, the group has attacked at least 12 organizations, all located within South East Asia. Its targets have been located in Hong Kong, Macau, Indonesia, Malaysia, the Philippines, and Vietnam.
The group has attacked a diverse range of targets over the past year, most notably military targets in two different countries. It has also attacked organizations in the maritime communications, media, and education sectors. Thrip has continued to target organizations in the satellite communications sector, with evidence of activity dating to as recently as July 2019. One of the most alarming discoveries we made in our original Thrip research was that the group had targeted a satellite communications operator and seemed to be interested in the operational side of the company, looking for and infecting computers running software that monitored and controlled satellites. Significantly, Thrip has continued to target ..
