Carderbee Hacking Group Uses Legitimate Software in Supply Chain Attack

An unknown APT group was found using “Cobra DocGuard” in a supply chain attack to plant the Korplug backdoor (aka PlugX) on the systems of targeted victims. Cobra DocGuard is a legitimate software package that enables users to manage their Consolidated Omnibus Budget Reconciliation Act documents, and it is designed by “EsafeNet,” a Chinese company. Cybersecurity experts at Symantec discovered that the threat actors behind this APT group, dubbed “Carderbee,” were using a legitimate Microsoft certificate to sign malware.

Source: GBHackers

 

