Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong.
Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023. Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.
Read more…
Source: Kaspersky
Related:
- Toronto public transportation system reports ransomware attack
November 2, 2021
The Toronto Transit Commission (TTC) — which runs the city’s public transportation system — reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization’s email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ...
- ‘Trojan Source’ Hides Invisible Bugs in Source Code
November 1, 2021
Researchers have found a new way to encode potentially evil source code, such that human reviewers see a harmless version and compilers see the invisible, wicked version. Named “Trojan Source attacks,” the method “exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the ...
- Canadian province health care system disrupted by cyberattack
November 1, 2021
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. This outage affected health systems in Central Health, Eastern Health, Western Health, ...
- Spam and phishing in Q3 2021
November 1, 2021
This summer and early fall saw some major international sporting events. The delayed Euro 2020 soccer tournament was held in June and July, followed by the equally delayed Tokyo Olympics in August. Q3 2021 also featured several F1 Grand Prix races. There was no way that cybercriminals and profiteers could pass up such a golden ...
- Cring ransomware continues assault on industrial organizations with aging applications, VPNs
November 1, 2021
The Cring ransomware group continues to make a name for itself through attacks on aging ColdFusion servers and VPNs after emerging earlier this year. Experts like Digital Shadows Sean Nikkel told ZDNet that what makes Cring interesting is that so far, they appear to specialize in using older vulnerabilities in their attacks. “In a previous incident, Cring ...
- Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
November 1, 2021
A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. In spite of coming from sender addresses such as [email protected], nobody at Kaspersky sent the phishing emails, the security company said in an advisory issued on Monday. Rather, the emails were sent with ...