Chinese cyber espionage actor actively distributing TEMP.Periscope malware campaign that used for set of powerful malware toolkit to compromise U.S Engineering and other Organizations such as maritime industry, research institutes in the United States.
This malware actively distributing since 2017 along with other Chinese malware campaign but it used various infection approach with a revised toolkit.
This Chinese Cyber Espionage Group Primary focus on earlier stage was multiple targeting vectors including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities.
Most number of Identified infected victims by this group from the United States, also Europe and Hong Kong countries affected next to the U.S.
TEMP.Periscope also leveraging a large library of malware that used by other Chinese hacking groups. and its using tactics, techniques, and procedures (TTPs)
Also Read: OceanLotus APT Hacking Group Distributing Backdoor to Compromise Government Networks
Also TEMP.Periscope leverage some of the old past operations and use it again.
According to FireEye Report, this Chinese Cyber Espionage Group using aditional TTPs such as,
- Spear phishing, including the use of probably compromised email accounts.
- Lure documents using CVE-2017-11882 to drop malware.
- Stolen code signing certificates used to sign malware.
- Use of bitsadmin.exe to download additional tools.
- Use of PowerShell to download additional tools.
- Using C:\Windows\Debug and C:\Perflogs as staging directories.
- Leveraging Hyperhost VPS and Proton VPN exit nodes to access webshells on internet-facing systems.
- Using Windows Management Instrumentation (WMI) for persistence.
- Using Windows Shortcut files (.lnk) in the Startup folder that invoke the Windows Scripting Host (wscript.exe) to execute a Jscript backdoor for persistence.
- Receiving C2 instructions from user profiles created by the adversary on legitimate websites/forums such as Github and Microsoft’s TechNet portal.
TEMP.Periscope Primarily focusing to steal research and development data, intellectual property.
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…