Network Security, Threat Intelligence

Southeast Asia targeted by new Crimson Palace attack clusters

Flag of China

More extensive compromise of Southeast Asian government organizations have been conducted by three China-linked threat clusters as part of the state-sponsored Crimson Palace cyberespionage operation, The Hacker News reports.

Simultaneous target infiltration and reconnaissance, network compromise, and data exfiltration activities have been performed by Clusters Alpha, Bravo, and Charlie, respectively, beginning March 2023, according to an analysis from Sophos. Despite only being active last March, the Unfading Sea Haze-linked Cluster Bravo was observed to have targeted nearly a dozen government agencies and organizations across Southeast Asia between January and June, while the Earth Longzhi-linked Cluster Charlie was able to deliver various command-and-control frameworks and malicious payloads from September 2023 to June 2024. Attacks by Cluster Charlie also involved open-source programs Alcatraz and RealBlindingEDR for antivirus systems bypass, as well as the TattleTale keylogger. "Throughout the engagement, the adversary appeared to continually test and refine their techniques, tools, and practices," researchers said.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds