Pierluigi Paganini March 11, 2023
PlugX malware delivered by exploiting flaws in Chinese programs

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. Sunlogin RCE vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is known to be […]

Pierluigi Paganini May 09, 2022
Experts uncovered a new wave of attacks conducted by Mustang Panda

China-linked Mustang Panda APT group targets entities in Asia, the European Union, Russia, and the US in a new wave of attacks. In February 2022, Cisco Talos researchers started observing China-linked cyberespionage group Mustang Panda conducting phishing attacks against European entities, including Russian organizations. The attacks were also reported by Google’s TAG team, which confirmed they were for […]

Pierluigi Paganini May 03, 2022
China-linked Moshen Dragon abuses security software to sideload malware

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage […]

Pierluigi Paganini July 09, 2016
NetTraveler APT still targets European and Russian interests

Security experts from ProofPoint have spotted a new campaign operated by the APT Group NetTraveler that is targeting Russian and European organizations. NetTraveler is an ATP group first spotted by Kaspersky in 2013, when researchers discovered an espionage activity against over 350 high profile victims from 40 countries. The name of the operation derives from the malicious […]

Pierluigi Paganini January 23, 2016
New RAT Trochilus, a sophisticated weapon used by cyber spies

Researchers spotted a new espionage campaign relying on a number of RATs including the powerful Trochilus threat. Security experts have uncovered a new remote access Trojan (RAT) named Trochilus that is able to evade sandbox analysis. The Trochilus malware was used to targeted attacks in multi-pronged cyber espionage operations. Experts at Arbor Networks uncovered a cyber […]

Pierluigi Paganini January 21, 2015
PlugX RAT compromised official releases of popular games in Asia

Hacks in Taiwan security conference has uncovered a malware-based attack involving several online games to spread the PlugX RAT. Experts at Trend Micro have spotted a new malicious campaign based on the popular PlugX RAT, the threat actor behind the attack has bundled the malware with League of Legends (LoL) and Path of Exile (PoE) […]

Pierluigi Paganini August 11, 2014
Sophisticated evasion techniques adopted in the Op Poisoned Hurricane

Researchers at FireEye have uncovered a new campaign dubbed Poisoned Hurricane characterized by the use of some clever techniques to avoid being detected. Security experts at FireEye revealed that several Internet infrastructure service providers in the United States and Asia, a financial institution, a government organization located in Asia and a US-based media company suffered […]

Pierluigi Paganini June 27, 2014
PlugX RAT with Time Bomb abuses Dropbox in targeted attacks

Trend Micro analyzed a targeted attack against a Taiwanese government entity which used a variant of the PlugX RAT that abuses the Dropbox service. Researchers from Trend Micro discovered that a targeted attack against a government agency in Taiwan was conducted using a variant of the PlugX remote access tool (RAT) which abuses the popular file hosting service […]