Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong.
Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023. Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.
Read more…
Source: Kaspersky
Related:
- Dox, steal, reveal. Where does your personal data end up?
December 1, 2020
The technological shift that we have been experiencing for the last few decades is astounding, not least because of its social implications. Every year the online and offline spheres have become more and more connected and are now completely intertwined, leading to online actions having real consequences in the physical realm — both good and ...
- Gootkit malware returns to life alongside REvil ransomware
November 30, 2020
After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany. The Gootkit Trojan is Javascript-based malware that performs various malicious activities, including remote access for threat actors, keystroke capturing, video recording, email theft, password theft, and the ability to inject malicious scripts to steal online ...
- Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
November 30, 2020
A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal” campaigns, respectively. The malware then all but disappeared from ...
- FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name
November 30, 2020
FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain “@invest-finra.org”. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident. The domain of “invest-finra.org” is not connected to FINRA and firms should delete ...
- A hacker is selling access to the email accounts of hundreds of C-level executives
November 30, 2020
A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which ...
- This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins
November 30, 2020
A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. On Monday, academics from the Ben-Gurion University of the Negev described how “unwitting” biologists and scientists could become victims of cyberattacks designed to take biological warfare to another level. At a time where scientists worldwide ...