The Spyder Loader malware has been observed targeting government organizations in Hong Kong, likely as part of a campaign known as Operation CuckooBees.
As explained in a new advisory published by security researchers at Symantec earlier today, the campaign was first discussed publicly in a March 2021 blog post by SonicWall, then further analyzed in May 2022 by Cybereason, which said the threat actors had been active since at least 2019.
Now, Symantec has revealed that the victims recently observed in the activity seen by its security team were government organizations in Hong Kong, with the attackers remaining active on some networks for more than a year.
“We observed the Spyder Loader (Trojan.Spyload) malware deployed on victim networks, indicating this activity is likely part of that ongoing campaign,” reads the Symantec advisory.
Further, the researchers said they saw other malware samples that carried out different activities on victim networks as part of Operation CuckooBees. These included a modified SQLite dynamic-link library (DLL) that created a malicious service, the Mimikatz credential-dumping tool and a Trojanized ZLib DLL with multiple malicious exports.
“While we did not see the final payload in this campaign, based on the previous activity seen alongside the Spyder Loader malware, it seems likely the ultimate goal of this activity was intelligence gathering,” Symantec wrote.
According to the company, the fact that this campaign has been ongoing for several years and involves different variants of the Spyder Loader malware suggests that the actors behind this activity are persistent adversaries with the technical capability to carry out stealthy operations on victim networks over a long period of time.
“Companies that hold valuable intellectual property should ensure that they have taken all reasonable steps to keep their networks protected from this type of activity,” Symantec warned.
The advisory includes a list of indicators of compromise (IOCs) relating to Operation CuckooBees and a link to the Symantec Security Bulletin for more information about the threats associated with it.
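Two of the findings above translate directly into a check a defender can run: the trojanized SQLite and ZLib DLLs are detectable as known library names whose hash no longer matches a trusted build, and the published IOC list is detectable as a plain hash match. The script below is an added example, not code from Symantec, Infosecurity or the advisory. It sweeps a directory tree, flags any file whose SHA-256 appears in an IOC set, and flags any file whose name is in a known-good baseline but whose hash differs. Every hash, file name and file body in it is constructed for the demonstration; a real run would load the IOC hashes from the advisory and the baseline from a trusted installation.

```python
"""Added example: IOC hash matching plus baseline integrity check over a directory.
Not the advisory's or the article's code; all sample data below is constructed."""

import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Finding:
    """One flagged file: where it is, its digest, and why it was flagged."""
    path: str
    sha256: str
    reason: str  # "ioc_match" or "baseline_mismatch"


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root: str, ioc_hashes: Set[str], baseline: Dict[str, str]) -> List[Finding]:
    """Walk `root` and flag files that match an IOC hash, or that carry a baselined
    file name (for example zlib1.dll) with a hash other than the known-good one."""
    findings: List[Finding] = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            if digest in ioc_hashes:
                findings.append(Finding(path, digest, "ioc_match"))
            expected = baseline.get(name.lower())
            if expected is not None and expected != digest:
                findings.append(Finding(path, digest, "baseline_mismatch"))
    return sorted(findings, key=lambda f: (f.path, f.reason))


def demo() -> List[str]:
    """Build a constructed directory tree and return 'relative/path:reason' strings."""
    good_zlib = b"CONSTRUCTED contents of a legitimate zlib1.dll"
    tampered_zlib = good_zlib + b" plus a constructed malicious export"
    loader_sample = b"CONSTRUCTED loader sample that an IOC list would name"
    benign = b"CONSTRUCTED unrelated text file"

    # Hypothetical IOC list and known-good baseline; real values would come from
    # the advisory and from a trusted build respectively.
    ioc_hashes = {hashlib.sha256(loader_sample).hexdigest()}
    baseline = {"zlib1.dll": hashlib.sha256(good_zlib).hexdigest()}

    with tempfile.TemporaryDirectory() as root:
        layout = {
            os.path.join("bin", "zlib1.dll"): tampered_zlib,      # trojanized library
            os.path.join("bin", "readme.txt"): benign,            # must not be flagged
            os.path.join("tmp", "svchelper.dll"): loader_sample,  # matches an IOC hash
        }
        for rel, data in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return [
            f"{os.path.relpath(f.path, root).replace(os.sep, '/')}:{f.reason}"
            for f in sweep(root, ioc_hashes, baseline)
        ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The baseline check is the more durable of the two: attackers can recompile a loader to defeat a hash IOC, but a modified system library will still differ from the vendor's signed build, so keeping a per-host manifest of library hashes (or verifying Authenticode signatures on Windows) catches the trojanized-DLL technique regardless of which sample was shipped.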
The campaign is not the first to target entities in Hong Kong in recent times, and comes weeks after ESET published an advisory describing a Linux variant of the SideWalk backdoor used by the SparklingGoblin group to target a Hong Kong university in February 2021.
Some parts of this article are sourced from:
www.infosecurity-journal.com