New attacks by Chinese state-backed threat operation Camaro Dragon, which overlaps with Mustang Panda, have involved the novel Go-based TinyNote malware, which creates various persistence tasks to ensure host access despite its lack of sophistication, according to The Hacker News.
Southeast and East Asian embassies are thought to be targeted by the TinyNote backdoor, which is being deployed through files with foreign affairs-related names, a report from Check Point revealed. TinyNote has been noted to evade SmadAV, an Indonesian antivirus tool widely used across Southeast Asia.
"The TinyNote backdoor highlights the targeted approach of Camaro Dragon and the extensive research they conduct prior to infiltrating their intended victims' systems... The simultaneous use of this backdoor together with other tools with different levels of technical advancement implies that the threat actors are actively seeking to diversify their attack arsenal," said Check Point.
Such findings come amid ThreatMon's discovery that APT41, also known as Wicked Panda, has been using living-off-the-land techniques to facilitate PowerShell backdoor deployment.
Novel TinyNote backdoor leveraged in Camaro Dragon attacks