Threat Intelligence

Numerous Chinese hackers set sights on Southeast Asian government


China has been intensifying cyberespionage operations against Southeast Asia, as evidenced by the targeting of a Southeast Asian government by various China-linked threat actors, including Mustang Panda (also known as Stately Taurus), Gelsemium, and Alloy Taurus (also known as Granite Typhoon), The Hacker News reports. Attacks by Mustang Panda against the Southeast Asian government ran from the second quarter of 2021 to the third quarter of this year, with the threat actors leveraging China Chopper web shells, a novel TONESHELL backdoor variant, ShadowPad, and other sophisticated tools to facilitate continuous intelligence gathering and sensitive data exfiltration, a report from Palo Alto Networks Unit 42 revealed. Gelsemium, on the other hand, targeted the government's vulnerable Internet Information Services servers during a six-month period from 2022 to 2023 with several web shells and the SessionManager and OwlProxy backdoors. Meanwhile, Alloy Taurus has conducted a six-wave attack campaign since early 2022 that exploited Microsoft Exchange Server vulnerabilities to facilitate web shell deployment and the delivery of the novel ReShell and Zapoa malware strains. Alloy Taurus also conducted credential theft activities during the attack period.
