
"Proofpoint said this week that it had spotted a Chinese state-backed crew TA415 - also known as APT41, Wicked Panda or Brass Typhoon - using carefully crafted phishing emails to compromise US government agencies, think tanks, and academic organisations. The lures were themed around US-China economic and trade policy, and in some cases spoofed the identity of Republican Congressman John Robert Moolenaar, who chairs the House Select Committee on the Chinese Communist Party."
"Rather than dropping noisy malware, the crew relied on subtler methods: password-protected archives carrying a Python loader dubbed WhirlCoil, and developer tools such as Visual Studio Code Remote Tunnels to establish persistence while blending into legitimate network activity. The attackers also leaned on legitimate cloud services like Google Sheets and Zoho WorkDrive for command-and-control to stay under the radar."
"Proofpoint's threat research team said the operation's timing was no accident. The campaigns ran through July and August, overlapping with high-level trade negotiations and debates over China policy in Washington. Proofpoint believes the objective was to gather intelligence on the trajectory of US-China economic relations and possible legislative responses."
Chinese state-aligned threat actor TA415 conducted trade-themed phishing campaigns targeting US government agencies, think tanks, and academic organizations. The attackers spoofed high-profile identities and used password-protected archives carrying a Python loader called WhirlCoil. The operation leveraged developer tools such as Visual Studio Code Remote Tunnels for persistence and legitimate cloud services such as Google Sheets and Zoho WorkDrive for command-and-control, both chosen because they blend into ordinary network traffic. Campaign activity occurred during July and August, coinciding with major trade negotiations and China policy debates in Washington. The objective was to gather intelligence about US-China economic relations and potential legislative responses.
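The two techniques the summary highlights (VS Code Remote Tunnels for persistence, everyday cloud APIs for C2) are hard to spot because the binaries and destinations are legitimate. The following is an added example, not code from Proofpoint, The Register, or the reporting they cite: a small triage script that runs over constructed endpoint telemetry and flags VS Code launched in tunnel mode, tunnel-backend connections, and non-browser processes talking to collaboration APIs. The log format, the host names, and the tunnel back-end domains (`devtunnels.ms`, `tunnels.api.visualstudio.com`) are assumptions to be verified against your own environment; `code tunnel` and `code tunnel service install` are real VS Code CLI invocations.

```python
import json
import re

# Constructed sample telemetry (NOT from the article): one JSON record per line,
# mixing process-creation and network-connection events from a single workstation.
SAMPLE_EVENTS = r"""
{"type": "process", "host": "ws-17", "user": "jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe", "cmdline": "\"C:\\Users\\jdoe\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" C:\\work\\notes.md"}
{"type": "process", "host": "ws-17", "user": "jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\vscode\\code.exe", "cmdline": "code.exe tunnel --accept-server-license-terms --name ws-17"}
{"type": "process", "host": "ws-17", "user": "jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\vscode\\code.exe", "cmdline": "code.exe tunnel service install"}
{"type": "process", "host": "ws-17", "user": "jdoe", "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c dir"}
{"type": "network", "host": "ws-17", "process": "code.exe", "dest": "global.rel.tunnels.api.visualstudio.com", "port": 443}
{"type": "network", "host": "ws-17", "process": "python.exe", "dest": "sheets.googleapis.com", "port": 443}
{"type": "network", "host": "ws-17", "process": "chrome.exe", "dest": "sheets.googleapis.com", "port": 443}
{"type": "network", "host": "ws-17", "process": "python.exe", "dest": "workdrive.zoho.com", "port": 443}
"""

# Binaries that can start a VS Code tunnel (the standalone CLI is also shipped as "code-tunnel").
TUNNEL_IMAGES = {"code", "code.exe", "code.cmd", "code-tunnel", "code-tunnel.exe"}
# "tunnel" as a standalone CLI sub-command, not as part of a file path.
TUNNEL_CMD_RE = re.compile(r"(?:^|\s)tunnel(?:\s|$)", re.IGNORECASE)
# Assumed tunnel back-end domains; confirm against your own traffic before alerting on them.
TUNNEL_DOMAINS = ("devtunnels.ms", "tunnels.api.visualstudio.com")
# Collaboration/storage APIs named in the article as C2 channels. Only suspicious
# when the client is not an interactive browser, so keep the allow-list in sync.
CLOUD_C2_DOMAINS = ("sheets.googleapis.com", "docs.google.com", "workdrive.zoho.com")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "chrome", "firefox"}


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(event_lines):
    """Return a list of findings for the JSON-lines telemetry in event_lines."""
    findings = []
    for line in event_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev["type"] == "process":
            if basename(ev["image"]) in TUNNEL_IMAGES and TUNNEL_CMD_RE.search(ev["cmdline"]):
                # Installing the tunnel as a service is the persistence variant; rank it higher.
                sev = "high" if "service install" in ev["cmdline"].lower() else "medium"
                findings.append({"rule": "vscode_tunnel_launch", "severity": sev,
                                 "host": ev["host"], "detail": ev["cmdline"]})
        elif ev["type"] == "network":
            dest, proc = ev["dest"].lower(), ev["process"].lower()
            if dest.endswith(TUNNEL_DOMAINS):
                findings.append({"rule": "vscode_tunnel_backend", "severity": "medium",
                                 "host": ev["host"], "detail": f"{proc} -> {dest}"})
            elif dest.endswith(CLOUD_C2_DOMAINS) and proc not in BROWSERS:
                findings.append({"rule": "nonbrowser_cloud_api", "severity": "low",
                                 "host": ev["host"], "detail": f"{proc} -> {dest}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']:6}] {f['rule']:22} {f['host']}: {f['detail']}")
```

On the constructed sample this yields five findings: two tunnel launches (the `service install` one rated high), one tunnel back-end connection, and two non-browser connections to cloud APIs. The low-severity cloud-API rule is deliberately a correlation hint rather than an alert on its own; pairing it with the tunnel findings on the same host is what makes the pattern stand out from legitimate developer activity.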
Read at The Register