The Spyder Loader malware has been observed targeting government organizations in Hong Kong, possibly as part of a campaign tracked as Operation CuckooBees.
As explained in a new advisory published earlier today by security researchers at Symantec, the campaign was first reported publicly in a March 2021 blog by SonicWall, then analyzed further in May 2022 by Cybereason, who noted that the threat actors had been active since at least 2019.
Now, Symantec has revealed that the victims recently observed by its security team were government organizations in Hong Kong, with the attackers remaining active on some networks for more than a year.
“We saw the Spyder Loader (Trojan.Spyload) malware deployed on victim networks, indicating this activity is likely part of that ongoing campaign,” reads the Symantec advisory.
Furthermore, the researchers said they observed other malware samples that carried out various activities on victim networks as part of Operation CuckooBees. These included a modified SQLite dynamic-link library (DLL) that created a malicious service, the Mimikatz credential-dumping tool, and a Trojanized ZLib DLL with a number of malicious exports.
“While we did not see the final payload in this campaign, based on the previous activity seen alongside the Spyder Loader malware, it seems likely the ultimate goal of this activity was intelligence collection,” Symantec wrote.
According to the company, the fact that this campaign has been ongoing for several years and involves different variants of the Spyder Loader malware indicates that the actors behind this activity are persistent adversaries with the technical ability to carry out stealthy operations on victim networks over a long period of time.
“Companies that hold valuable intellectual property should ensure that they have taken all reasonable steps to keep their networks protected from this kind of activity,” Symantec warned.
The advisory includes a list of indicators of compromise (IOCs) relating to Operation CuckooBees and a link to the Symantec Security Bulletin for further information about the threats associated with it.
The campaign is not the first to target entities in Hong Kong in recent times, and it comes months after ESET published an advisory describing a Linux variant of the SideWalk backdoor used by the SparklingGoblin group to target a Hong Kong university in February 2021.
Some parts of this article are sourced from: www.infosecurity-magazine.com