Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong.
Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023. Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.
Read more…
Source: Kaspersky
Related:
- Kremlin spokesman lists top countries where cyber attacks originate
June 17, 2021
Kremlin Spokesman Dmitry Peskov has prepared a list of the top countries, where cyber attacks originate, at the request of Russian President Vladimir Putin, handing over this list to reporters. “In the first half of 2020, the leaders among all countries where all types of cyber attacks originated are: the US, Canada, Brazil, Mexico, the UK,” ...
- Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
June 17, 2021
A recently discovered Bash ransomware piqued our interest in multiple ways. Upon investigating, we found that the attack chain is fully implemented as a bash script, but it also seems that the scripts are still under development. Most components of this attack mainly target Red Hat and CentOS Linux distributions; however, in some scripts Debian-based Linux ...
- Matanbuchus: Malware-as-a-Service with Demonic Intentions
June 16, 2021
Unit 42 researchers often spend time investigating what we call non-traditional sources. Non-traditional sources often include underground marketplaces and sites, spanning from forums on the Tor network to Telegram channels and other marketplaces. One such case that we investigated involves a threat actor called BelialDemon, who is a member of several underground forums and marketplaces. In ...
- Ferocious Kitten: 6 years of covert surveillance in Iran
June 16, 2021
Ferocious Kitten is an APT group that since at least 2015 has been targeting Persian-speaking individuals who appear to be based in Iran. Although it has been active for a long time, the group has mostly operated under the radar and has not been covered by security researchers to the best of our knowledge. It ...
- Ransomware Poll: 80% of Victims Don’t Pay Up
June 16, 2021
Ransomware is on the rise, but what toll does it take on the real world? Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed against the backdrop of complementary reports from ...
- Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
June 16, 2021
Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. As reported in the Mandiant post, “Shining a Light on DARKSIDE Ransomware Operations,” Mandiant Consulting has ...