• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Billbug Targets Government Agencies in Multiple Asian Countries

You are here: Home / General Cyber Security News / Billbug Targets Government Agencies in Multiple Asian Countries
November 15, 2022

Point out-sponsored actors in the Billbug group (aka Lotus Blossom and Thrip) have tried to compromise a digital certificate authority in an Asian region for the duration of a campaign focusing on a number of govt agencies.

Security researchers from Symantec have created the discovery and shared the results in an advisory published previously now.

“In activity documented by Symantec in 2019, we thorough how the group was utilizing a backdoor regarded as Hannotog and another backdoor acknowledged as Sagerunex. Both of those these resources ended up also seen in this a lot more modern action,” reads the specialized compose-up.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The organization included that all the victims in this the latest Billbug campaign were based mostly in numerous nations around the world in Asia.

“Billbug is recognised to aim on targets in Asian countries. In at the very least a person of the govt victims, a huge selection of devices on the network ended up compromised by the attackers,” Symantec spelled out.

According to the security company, the concentrating on of a certificate authority is notable. If the attackers could compromise it and access certificates, they could use them to signal malware with a valid certification and support it keep away from detection on target devices. It could also use compromised certificates to intercept HTTPS website traffic.

“However, while this is a achievable motivation for targeting a certificate authority, Symantec has found no evidence to advise they ended up prosperous in compromising electronic certificates,” wrote the corporation.

In conditions of how the attacks ended up executed, Billbug was noticed exploiting community-struggling with purposes to gain original entry to victim networks and, in certain, twin-use equipment. These integrated AdFind, WinRAR and Port Scanner, amongst many others.

“Multiple information that are considered to be loaders for the Hannotog backdoor had been spotted on sufferer equipment,” Symantec wrote. “A backdoor was then deployed on the compromised process. This backdoor has many functionalities.”

Amongst its different capabilities, the backdoor could produce a company for persistence, prevent other services and add encrypted information.

Symantec verified it experienced notified the certificate authority to inform them of this exercise. The advisory arrives two months immediately after Interpol claimed to have dismantled an worldwide cybercrime ring that produced an estimated $47,000 from extorting dozens of victims in Asia.


Some elements of this report are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Remote Code Execution Discovered in Spotify’s Backstage
Next Post: Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023 google to roll out privacy sandbox beta on android 13»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.