Chinese hackers target Christian targets with new malware variant

Researchers from Proofpoint have observed the APT actor TA416 resuming its malicious activity with a new malware variant following a brief respite which coincided with the Chinese National Day holiday back in September.

TA416, also known as “Mustang Panda” and “Red Delta”, is a Chinese APT (advanced persistent threat) group that uses its PlugX malware loader in targeted campaigns. The group is known for modifying its toolset to evade detection and make analysis by security researchers difficult.

Proofpoint has observed new phishing activity by TA416 which targeted entities associated with diplomatic relations between the Vatican and the Chinese Communist Party (CCP). The group also targeted entities in Myanmar as well as organizations conducting diplomacy efforts in Africa.

TA416's latest phishing campaign uses social engineering lures which reference the provisional agreement known as the Vatican Holy See which was recently renewed between the Vatican and the CCP. Spoofed email header fields were also discovered that appeared to imitate journalists from the Union of Catholic Asia News.

PlugX malware

Proofpoint researchers have identified two RAR archives which serve as PlugX malware droppers. Historically, TA416 has added either Google Drive or Dropbox URLs to its phishing emails, which are used to deliver archives containing PlugX malware and related components.

As reported by ThreatPost, the PlugX remote access tool (RAT) allows a remote user to steal data and even take control of affected systems without permission or authorization. PlugX gives an attacker the ability to copy, move, rename, execute and delete files as well as log keystrokes, fingerprint the infected system and more.

This time around though, Proofpoint identified TA416's PlugX malware as a Golang binary. This file type has not been previously used by the group but the malware's functionality remains basically the same.

The Proofpoint Research Team provided further insight on their findings in a new report, saying:

“Continued activity by TA416 demonstrates a persistent adversary making incremental changes to documented toolsets so that they can remain effective in carrying out espionage campaigns against global targets. The introduction of a Golang PlugX loader alongside continued encryption efforts for PlugX payloads suggest that the group may be conscious of increased detection for their tools and it demonstrates adaptation in response to publications regarding their campaigns. These tool adjustments combined with recurrent command and control infrastructure revision suggests that TA416 will persist in their targeting of diplomatic and religious organizations.”

Date

24 Nov 2020
