Numerous high-profile organizations across Southeast Asia, including government agencies from two countries, a telecommunications firm, and an air traffic control entity, have been compromised by a suspected Chinese threat operation as part of a cyberespionage campaign that commenced in October 2023, The Hacker News reports.
The attacks combined open-source tools and living-off-the-land tactics previously associated with Chinese advanced persistent threat groups, including the Rakshasa and Stowaway reverse proxy programs, the PlugX remote access trojan, and custom DLL files used to exfiltrate login credentials, according to an analysis from the Symantec Threat Hunter Team.

"The geographical location of targeted organizations, as well as the use of tools linked previously to China-based APT groups, suggests that this activity is the work of China-based actors," said researchers, who also noted that the threat actors' prolonged dwell times inside victim networks indicate the operation's sophistication.

The findings follow a joint SentinelOne SentinelLabs and Tinexta Cyber report detailing a China-linked cyberespionage campaign against Southern European business-to-business IT service providers.