Malware, Threat Intelligence

Chinese malware attacks targeted at Japan

Chinese cyber threat

Organizations across Japan have been subjected to attacks by Chinese state-sponsored threat operation Cuckoo Spear involving the LODEINFO and NOOPDOOR backdoors, reports The Hacker News.

Attacks by Cuckoo Spear — which has been linked with APT10, also known as Stone Panda, Cicada, Bronze Riverside, ChessMaster, Cloudhopper, MirrorFace, and Purple Typhoon — may have involved the utilization of LODEINFO, which allows file theft, arbitrary shellcode execution, keystroke logging, process termination, and screenshot capturing, as an initial payload, according to a Cybereason report. On the other hand, NOOPDOOR, which resembles the ANEL Loader backdoor also used by APT10, may have been leveraged by threat actors as a secondary payload enabling further program execution to maintain persistence and evade detection in compromised systems for over two years, researchers reported. Such findings follow a Trend Micro report detailing APT10 operations to be divided into the Earth Tengshe and Earth Kasha clusters, with the latter alone associated with the use of LODEINFO and NOOPDOOR.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds