
Chinese hackers target Christian targets with new malware variant

Researchers from Proofpoint have observed the APT actor TA416 resuming its malicious activity with a new malware variant following a brief respite which coincided with the Chinese National Day holiday back in September.

TA416, also known as “Mustang Panda” and “Red Delta”, is a Chinese APT (advanced persistent threat) group that uses its PlugX malware loader in targeted campaigns. The group is known for modifying its toolset to evade detection and make analysis by security researchers difficult.

Proofpoint has observed new phishing activity by TA416 which targeted entities associated with diplomatic relations between the Vatican and the Chinese Communist Party (CCP). The group also targeted entities in Myanmar as well as organizations conducting diplomacy efforts in Africa.

TA416's latest phishing campaign uses social engineering lures which reference the provisional agreement known as the Vatican Holy See which was recently renewed between the Vatican and the CCP. Spoofed email header fields were also discovered that appeared to imitate journalists from the Union of Catholic Asia News.

PlugX malware

Proofpoint researchers have identified two RAR archives which serve as PlugX malware droppers. Historically, TA416 has included either Google Drive or Dropbox URLs in its phishing emails to deliver archives containing PlugX malware and related components.

As reported by ThreatPost, the PlugX remote access tool (RAT) allows a remote user to steal data and even take control of affected systems without permission or authorization. PlugX gives an attacker the ability to copy, move, rename, execute and delete files as well as log keystrokes, fingerprint the infected system and more.

This time around though, Proofpoint identified TA416's PlugX malware as a Golang binary. This file type has not been previously used by the group but the malware's functionality remains basically the same.

The Proofpoint Research Team provided further insight on their findings in a new report, saying:

“Continued activity by TA416 demonstrates a persistent adversary making incremental changes to documented toolsets so that they can remain effective in carrying out espionage campaigns against global targets. The introduction of a Golang PlugX loader alongside continued encryption efforts for PlugX payloads suggest that the group may be conscious of increased detection for their tools and it demonstrates adaptation in response to publications regarding their campaigns. These tool adjustments combined with recurrent command and control infrastructure revision suggests that TA416 will persist in their targeting of diplomatic and religious organizations.”

Date

24 Nov 2020
