An advanced persistent threat (APT) group from China has been targeting Southeast Asian governments for the past three years. A recent Bitdefender report noted that the attackers' infrastructure is still active, even though many of the command and control servers are inactive.
The campaign is believed to be state-sponsored. The sophisticated group has been using different malware tools, including the Chinoxy backdoor, FunnyDream backdoor, and PCShare RAT.
These open-source tools appear to be of Chinese origin. The report explains, “Some evidence suggests threat actors may have managed to compromise domain controllers from the victim’s network, allowing them to move laterally and potentially gain control over a large number of machines from that infrastructure.”