China APT group using Russia invasion, COVID-19 in phishing attacks

28 March 2022

A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers (ISPs) and research institutions via phishing lures that refer to Russia’s invasion of Ukraine and COVID-19 travel restrictions. The ongoing campaign was first seen in August 2021 and is being tied to Mustang Panda – a Chinese APT unit also known as TA416, RedDelta and PKPLUG – due to similar code and common tactics, techniques and procedures used by the group in the past, according to researchers with the cybersecurity firm ESET.

Read full article on The Register

Date:

28 March 2022

Categorie(s):

NEWS

Tag(s):

APT, China, COVID-19, IT, Russia

CalypsoAI introduces customizable generative AI security scanners for enterprises2 May 2024
Illumio and Wiz’s integration enhances cyber resilience in the cloud2 May 2024
Threat Actors Attacking MS-SQL Servers to Deploy Ransomware2 May 2024
Deep Instinct DIANNA provides malware analysis for unknown threats2 May 2024
Veracode platform enhancements help organizations reduce application risk2 May 2024