New Chinese Cyberespionage Group WIP19 Aims at Telcos and IT Service Providers


A newly identified Chinese cyberespionage group has been deploying signed malware against IT service providers and telecommunications companies.

It is unclear whether this is a new iteration of Operation Shadow Force or the work of a different, more experienced adversary using new malware and techniques. SentinelOne tracks this advanced persistent threat (APT) as WIP19. Its activities show overlaps with Operation Shadow Force. WIP19 primarily targets organizations in the Middle East and Asia, and it employs a number of malicious components that are signed with stolen certificates.

The group has so far been seen employing malware such as ScreenCap and SQLMaggie, along with a credential dumper.

Read More: New Chinese Cyberespionage Group WIP19 Targets Telcos, IT Service Providers
