Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China.
Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec’s Threat Hunter Team said the first wave of activity associated with this campaign began last year in August 2019, although their ultimate motivations still remain unclear.
“While we cannot see what Palmerworm is exfiltrating from these victims, the group is considered an espionage group and its likely motivation is considered to be stealing information from targeted companies,” the cybersecurity firm said.
Among the multiple victims infected by Palmerworm, the media, electronics, and finance companies were all based in Taiwan, while an engineering company in Japan and a construction firm in China were also targeted.
In addition to using custom malware to compromise organizations, the group is said to have remained active on the Taiwanese media company’s network for a year, with signs of activity observed as recently as August 2020, potentially implying China’s continued interest in Taiwan.
This is not the first time the BlackTech gang has gone after business in East Asia. A 2017 analysis by Trend Micro found the group to have orchestrated three campaigns — PLEAD, Shrouded Crossbow, and Waterbear — with an intent to steal confidential documents and the target’s intellectual property.
Stating that some of the identified malware samples matched with PLEAD, the researchers said they identified four previously undocumented backdoors (Backdoor.Consock, Backdoor.Waship, Backdoor.Dalwit, and Backdoor.Nomri), indicating “they may be newly developed tools, or the evolution of older Palmerworm tools.”…
Continue Reading