Chinese advanced persistent threat operation TGR-STA-0043, previously tracked as CL-STA-0043, has targeted at least seven government organizations across Asia, Africa, and the Middle East as part of the Operation Diplomatic Specter cyberespionage campaign that commenced in late 2022, reports The Hacker News.
The group's intrusions used the Gh0st RAT variants TunnelSpecter and SweetSpecter and exploited the ProxyShell and ProxyLogon vulnerabilities to facilitate stealthy network infiltration, arbitrary command execution, data exfiltration, and additional malware deployment, a report from Palo Alto Networks Unit 42 showed.
The operation, which leveraged infrastructure previously linked to Chinese hacking groups Mustang Panda, APT27, and Winnti, primarily targeted information regarding diplomatic missions, military operations, and foreign affairs ministries, researchers added.
"The exfiltration techniques observed as part of Operation Diplomatic Specter provide a distinct window into the possible strategic objectives of the threat actor behind the attacks," said researchers.