Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong

A previously unknown advanced persistent threat (APT) group used the legitimate Cobra DocGuard software to carry out a supply chain attack with the goal of deploying the Korplug backdoor (aka PlugX) onto victim computers. In the course of this attack, Read More …

THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group

While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant delivered as a post-exploitation remote access tool (RAT) to one of the compromised servers. The variant observed by Unit 42 is unique in Read More …

China-linked TA428 Continues to Target Russia and Mongolia IT Companies

Recorded Future’s Insikt Group recently identified renewed activity attributed to the suspected Chinese threat activity group TA428. The identified activity overlaps with a TA428 campaign previously reported by Proofpoint as “Operation LagTime IT”, which targeted Russian and East Asian government Read More …