Phishing, Threat Intelligence

Italy targeted by Chinese APT attacks

Share
Chinese cyber threat

Italy had its private companies and government agencies targeted by Chinese threat operation APT17 — also known as Bronze Keystone, Aurora Panda, Helium, TEMP.Avengers, Elderwood, and Hidden Lynx — in attacks involving a variant of the modular 9002 RAT malware in late June and early July, according to The Hacker News.

Attackers leveraged spear-phishing to lure targets into downloading an MSI installer for Skype for Business from a domain resembling one belonging to the Italian government, which when launched eventually triggered the execution of the 9002 RAT malware variant, an analysis from TG Soft revealed.

Aside from facilitating network traffic tracking and screenshot capturing, 9002 RAT also enabled process management, file enumeration, and further command execution, noted TG Soft researchers. "The malware appears to be constantly updated with diskless variants as well. It is composed of various modules that are activated as needed by the cyber actor so as to reduce the possibility of interception," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.