According to Symantec, a newly identified advanced persistent threat (APT) actor has been seen using a supply chain attack to deploy the PlugX backdoor, primarily targeting businesses in Hong Kong.
The adversary, known as Carderbee, was observed abusing the genuine Cobra DocGuard software, which aids users in protecting, encrypting, and decrypting applications. EsafeNet, a subsidiary of the Chinese information security company NSFocus, created the tool.
Following a malicious update, Cobra DocGuard was misused in a supply chain attack in September 2022 that was directed at a gambling organization in Hong Kong. APT27 (Budworm, LuckyMouse), which infiltrated the same business in September 2021, was blamed for the attack.
Read More: New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.