Chinese Cyber-Espionage Group Customizes Old, Public Tools
Researchers with SecureWorks Counter Threat Unit (CTU) have been tracking APT27, a cyber-espionage group thought to operate out of China. APT27 was first spotted in 2013 and is also known as Bronze Union, Emissary Panda, Threat Group 3390, Lucky Mouse, ZipToken, and Iron Tiger.
Over the last two years, the threat group has used a host of publicly available tools in its cyber-espionage campaigns. Some of those tools are over a decade old, although APT27 has updated the code so that they can be used to target modern systems. To limit the chances of detection on a targeted system, the threat group mostly relies on custom tools to infiltrate organizations and switches over to public tools only after access has been obtained,