Symantec has observed a likely continuation of the Operation CuckooBees activity, this time targeting organizations in Hong Kong.
Operation CuckooBees was first documented in May 2022 by researchers at Cybereason, who said the intelligence-gathering campaign had been operating under the radar since at least 2019, stealing intellectual property and other sensitive data from victims.
The victims observed in the activity seen by Symantec were government organizations, with the attackers remaining active on some networks for more than a year. Symantec researchers saw the Spyder Loader (Trojan.Spyload) malware deployed on victim networks, indicating this activity is likely part of that ongoing campaign.
Read more…
Source: Symantec