APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

"While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting organizations in Taiwan," Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan Perez said.
"This includes the repeated compromise of a regional digital marketing firm to execute supply chain attacks and the use of targeted phishing campaigns."
APT24 deployed a previously undocumented malware named BADAUDIO to establish persistent remote access across compromised networks during a nearly three-year campaign. The group pivoted from broad strategic web compromises to more targeted vectors focused on organizations in Taiwan. The campaign involved repeated compromise of a regional digital marketing firm to enable supply chain attacks and the use of targeted phishing campaigns. Targeted sectors include government, healthcare, construction and engineering, mining, nonprofit, and telecommunications in the U.S. and Taiwan. Historical activity traces back to at least 2008 and has exploited Microsoft Office vulnerabilities such as CVE-2012-0158 and CVE-2014-1761. Associated malware families include CT RAT, MM RAT (Goldsun-B), Paladin RAT, Leo RAT, and the Taidoor backdoor.
Read at The Hacker News