With the first quarter of the year about to end, we have already seen a deluge of cyber-espionage campaigns. Adding to the tally, yet another one has been detected by researchers.
What Transpired?
Researchers spotted a cyber-espionage campaign that targeted government and military organizations in Vietnam through DLL side-loading. The campaign was attributed to a threat actor related to Cycldek. This threat actor shares similarities with Cycldek but is deemed to be more sophisticated. It is rumored that the operators of Cycldek have joined or formed a new team altogether.
With the sole purpose of collecting political intelligence, this campaign ran from June 2020 to January 2021. However, the specific targets of this campaign remain undisclosed to date.
The tactics used to deliver the FoundCore Trojan hindered analysis of its malicious code.
Because the infection chain is tightly coupled, individual components cannot be recovered in isolation, which means security teams lack a broader picture of the malicious activity.
Victimology –
- 80% of the affected organizations were located in Vietnam and belonged to the government, military, education, diplomacy, or healthcare sectors.
- Organizations from Thailand and Central Asia were also impacted.
- Two advisories were issued by the government of Vietnam that mentioned malicious documents which were leveraged by threat actors.
Whichever threat actor carried out this attack, it displays considerable sophistication. The multiple stages of obfuscation and the complexity of reverse engineering them are expected to be indicators of more such activity in the near future.
To read more, please check eScan Blog