Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

Chinese Cyberspies Targeting ASEAN Entities

Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.

Two China-linked cyberespionage groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN), Palo Alto Networks reports.

The first advanced persistent threat (APT) actor, tracked as Mustang Panda, Bronze President, Earth Preta, RedDelta, Stately Taurus, and TA416, has been active since at least 2012, conducting cyberespionage operations on behalf of the Chinese government.

Mustang Panda, Palo Alto Networks says, created two malicious packages days before the ASEAN-Australia Special Summit was held in early March 2024. The first targeted entities in the Philippines, Japan, and Singapore, while the second was aimed at Myanmar.

The first package is a renamed copy of KeyScrambler.exe, a legitimate anti-key logging program, that would sideload a malicious DLL and establish persistence by creating an autorun registry key. The code decrypts a payload believed to be PubLoad malware.

The second package, a screensaver executable (SCR), appears to have targeted the Myanmar military. When executed, it would attempt to fetch a benign executable and a malicious DLL from a remote server, once again using DLL sideloading to run the malware.

The second Chinese APT compromised an ASEAN-affiliated entity, with malicious activity observed throughout January and February. Previously, the threat actor was seen targeting government entities in Cambodia and compromising roughly two dozen organizations.

According to Palo Alto Networks, the targeting of ASEAN-affiliated entities is not surprising, considering their role in handling sensitive information about diplomatic relations and economic decisions.

“These types of campaigns continue to demonstrate how organizations are targeted for cyberespionage purposes, where nation-state affiliated threat groups collect intelligence of geopolitical interests within the region. We encourage organizations to leverage our findings to inform the deployment of protective measures to defend against these types of threats,” Palo Alto Networks concludes.

Advertisement. Scroll to continue reading.

Related: Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Related: Chinese APT Hacks 48 Government Organizations

Related: EU Organizations Warned of Chinese APT Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cyberwarfare

Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

Nation-State

A China-linked hackers are exploiting a vulnerability (CVE-2022-42475 ) in Fortinet FortiOS SSL-VPN, Mandiant claims.

Cyberwarfare

In a campaign called Volt Typhoon, Microsoft says Chinese government hackers were siphoning data from critical infrastructure organizations in Guam, a U.S. territory in...