An advanced persistent threat (APT) group from China is reportedly targeting the Southeast Asian governments for the last three years. A Bitdefender study noted that the infrastructures of those attackers are still active – even though many of the control servers and commands are inactive.
This act is believed to be state-sponsored as the sophisticated group has been using various malware tools. The list includes the Chinoxy backdoor, FunnyDream backdoor, and PCShare RAT.
Basically, the open-source tools appear to be of Chinese origin. The report claims, “Some evidence suggests threat actors may have managed to compromise domain controllers from the victim’s network, allowing them to move laterally and potentially gain control over a large number of machines from that infrastructure.”
Source: SecurityWeek