Wednesday, May 14, 2025
HomeHacksChinese Cyber Espionage Group Targeting United States Engineering & Academic Organizations With...

Chinese Cyber Espionage Group Targeting United States Engineering & Academic Organizations With Advanced Hacking Tools

Published on

SIEM as a Service

Follow Us on Google News

Chinese cyber espionage actor actively distributing TEMP.Periscope malware campaign that used for set of powerful malware toolkit to compromise U.S Engineering and other  Organizations such as maritime industry, research institutes in the United States.

This malware actively distributing since 2017 along with other Chinese malware campaign but it used various infection approach with a revised toolkit.

This Chinese Cyber Espionage Group Primary focus on earlier stage was multiple targeting vectors including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities.

- Advertisement - Google News

Most number of Identified infected victims by this group from the United States, also Europe and Hong Kong countries affected next to the U.S.

TEMP.Periscope also leveraging a large library of malware that used by other Chinese hacking groups. and its using tactics, techniques, and procedures (TTPs)

Also Read: OceanLotus APT Hacking Group Distributing Backdoor to Compromise Government Networks

List of Large Malware Library From Other Chinese Cyber Espionage Group

  • AIRBREAK  – JavaScript-based backdoor to compromise legitimate services by retrieves commands from hidden strings in compromised web pages.
  • BADFLICK – A Backdoor for generating a reverse shell, modifying the file system.
  • PHOTO –  A DLL backdoor creating a reverse shell to screen captures; recording video and audio.
  • HOMEFRY –  Windows password dumper/cracker using in other backdoor and revealed the password in cleartext credentials.
  • LUNCHMONEY- Dropbox file Exfiltration
  • MURKYTOP – command-line reconnaissance tool to delete files locally,  steal the information  OS, users, groups, and shares on remote hosts.
  • China Chopper: a simple code injection that allows the shell to upload and download files.

Also TEMP.Periscope leverage some of the old past operations and use it again.

  • Beacon –  a backdoor for injecting and executing arbitrary code, uploading and downloading files, and executing shell commands.
  • BLACKCOFFEE: a backdoor that obfuscates its communications
According to FireEye Report, this Chinese Cyber Espionage Group using aditional  TTPs such as,
  • Spear phishing, including the use of probably compromised email accounts.
  • Lure documents using CVE-2017-11882 to drop malware.
  • Stolen code signing certificates used to sign malware.
  • Use of bitsadmin.exe to download additional tools.
  • Use of PowerShell to download additional tools.
  • Using C:\Windows\Debug and C:\Perflogs as staging directories.
  • Leveraging Hyperhost VPS and Proton VPN exit nodes to access webshells on internet-facing systems.
  • Using Windows Management Instrumentation (WMI) for persistence.
  • Using Windows Shortcut files (.lnk) in the Startup folder that invoke the Windows Scripting Host (wscript.exe) to execute a Jscript backdoor for persistence.
  • Receiving C2 instructions from user profiles created by the adversary on legitimate websites/forums such as Github and Microsoft’s TechNet portal.

TEMP.Periscope Primarily focusing to steal research and development data, intellectual property.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...

TA406 Hackers Target Government Entities to Steal Login Credentials

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni,...

Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect...

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...

Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers

Newly disclosed information-stealing malware dubbed Katz Stealer has emerged as a significant threat to...

Hackers Weaponize KeePass Password Manager to Spread Malware and Steal Passwords

Threat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware...