China spies used Maduro capture as lure to phish US agencies
"What policy wonk wouldn't want to click on an attachment promising to unveil US plans for Venezuela? Chinese cyberspies used just such a lure to target US government agencies and policy-related organizations in a phishing campaign that began just days after an American military operation captured Venezuelan President Nicolás Maduro. Acronis Threat Research Unit discovered the campaign after finding a zip file named "US now deciding what's next for Venezuela" uploaded in early January to VirusTotal."
"This combination, along with other factors such as infrastructure and technical overlaps, helped the security sleuths attribute the phishing campaign with "moderate confidence" to a Beijing-backed espionage crew called Mustang Panda (aka UNC6384, Twill Typhoon). US law enforcement and cyber agents have tracked Mustang Panda for years, and blamed the snoops for breaking into "numerous government and private organizations" in the US, Europe, and the Indo-Pacific region."
""This was a precise, targeted campaign, not a wide-reaching or random attack. The targeting appears selective rather than broad spray and pray," Pontiroli told The Register. "The threat actor responsible fits into a broader pattern of ongoing cyberespionage activity that is opportunistic and event-responsive rather than static," he added. "In this particular campaign, the threat actor moved fast immediately after Maduro was captured.""
Acronis Threat Research Unit discovered a targeted phishing campaign after finding a zip file named "US now deciding what's next for Venezuela" uploaded to VirusTotal in early January. The archive contained a legitimate executable and a hidden DLL-based backdoor named Lotuslite. Infrastructure and technical overlaps led analysts to attribute the operation with moderate confidence to Beijing-backed Mustang Panda (UNC6384, Twill Typhoon). US law enforcement has tracked Mustang Panda for years and linked it to intrusions against government and private organizations across the US, Europe, and the Indo-Pacific. The campaign was selective and opportunistic, and it moved quickly after Venezuelan President Nicolás Maduro was captured; whether any compromise succeeded remains unknown.
Read at Theregister