A Chinese APT referred to as TA413 has allegedly been distributing a new RAT that has been dubbed Sepulcher. TA413 has been using the RAT in various campaigns over the past six months in attacks against European organizations and government entities, as well as Tibetan dissidents. TA413 has been previously associated with Chinese state interests and is commonly known for its campaigns against the Tibetan community.
The two separate campaigns occurred in March of 2020, and July of 2020. The first targeted European diplomatic and legislative bodies, non-profit organizations, and organizations dealing with economic affairs. The March campaign targeted Tibet through a phishing campaign impersonating the World Health Organization and distributing a weaponized version of a legitimate WHO publication. Both campaigns involved the delivery of Sepulcher malware payloads.
Read More: China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks