Scarab, a Chinese threat actor, has been linked to a backdoor called HeaderTip as part of a Ukraine-focused campaign since Russia launched an attack last month. It is the second China-based hacking group, after Mustang Panda, to take advantage of the conflict.
SentinelOne researcher Tom Hegel discovered the malicious group. His report cites an advisory from Ukraine’s Computer Emergency Response Team (CERT-UA) outlining a spear-phishing campaign that led to the delivery of a RAR archive file.
The archive contains an executable designed to open a decoy file while stealthily dropping a malicious DLL called HeaderTip in the background.
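
The delivery chain described above (an executable run from a RAR archive that opens a decoy and writes a DLL) can be hunted for by correlating endpoint events. The following is an added example, not code from SentinelOne or CERT-UA; the event field names, the WinRAR-style temp folder pattern, and all sample paths are assumptions constructed for illustration.

```python
import re

# Assumption: WinRAR-style temp folder used when a file is run from inside an archive.
ARCHIVE_TEMP = re.compile(r"\\Rar\$[A-Za-z]+\d+\.\d+\\[^\\]+\.exe$", re.I)
DECOY_DOC = re.compile(r"\.(pdf|docx?|xlsx?|rtf)\b", re.I)
WINDOW = 60  # seconds allowed between launch and the follow-up actions

# Constructed sample telemetry; field names and paths are hypothetical.
EVENTS = [
    {"ts": 0, "type": "process_create", "pid": 4120, "ppid": 3000,
     "image": r"C:\Users\u1\AppData\Local\Temp\Rar$EXa4120.1234\report.pdf.exe",
     "cmdline": "report.pdf.exe"},
    {"ts": 2, "type": "file_create", "pid": 4120,
     "target": r"C:\Users\u1\AppData\Local\Temp\sample_dropped.dll"},
    {"ts": 3, "type": "process_create", "pid": 4300, "ppid": 4120,
     "image": r"C:\Program Files\Viewer\viewer.exe",
     "cmdline": r'viewer.exe "C:\Users\u1\AppData\Local\Temp\report.pdf"'},
    {"ts": 5, "type": "process_create", "pid": 5000, "ppid": 3000,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"ts": 6, "type": "file_create", "pid": 5000,
     "target": r"C:\Users\u1\Documents\notes.txt"},
]

def find_droppers(events):
    """Return processes started from an archive temp folder that, within
    WINDOW seconds, both wrote a DLL and spawned a viewer on a document."""
    suspects = {}  # pid -> evidence collected for that process
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "process_create":
            if ARCHIVE_TEMP.search(ev["image"]):
                suspects[ev["pid"]] = {"image": ev["image"], "start": ev["ts"],
                                       "dlls": [], "decoys": []}
            parent = suspects.get(ev["ppid"])
            if (parent and ev["ts"] - parent["start"] <= WINDOW
                    and DECOY_DOC.search(ev["cmdline"])):
                parent["decoys"].append(ev["cmdline"])
        elif ev["type"] == "file_create":
            proc = suspects.get(ev["pid"])
            if (proc and ev["ts"] - proc["start"] <= WINDOW
                    and ev["target"].lower().endswith(".dll")):
                proc["dlls"].append(ev["target"])
    # Require both behaviours; either one alone is common and benign.
    return [dict(pid=pid, **rec) for pid, rec in suspects.items()
            if rec["dlls"] and rec["decoys"]]

if __name__ == "__main__":
    for hit in find_droppers(EVENTS):
        print(hit["pid"], hit["image"], hit["dlls"], hit["decoys"])
```

Requiring both the DLL write and the decoy launch keeps installers and self-extracting archives, which often show only one of the two behaviours, from flooding the results.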