Chinese Hackers Target Government Entities in Widespread Campaign
According to a new report from Kaspersky, a recently discovered advanced persistent threat (APT) dubbed LuminousMoth is targeting a large number of organizations in South Asia. The campaign involves cyberespionage attacks on organizations and government entities and has been ongoing since at least October 2020. Unlike similar attacks, which are highly targeted, this campaign has allegedly targeted 100 victims in Myanmar and 1,400 in the Philippines. The main focus of the attacks appears to be a subset of desirable victims, such as high-profile organizations located within Myanmar and the Philippines as well as abroad.
According to Kaspersky, the campaign uses spear-phishing emails as the initial attack vector. The emails include a malicious download link that fetches a RAR archive that appears to be a Word document. This downloads malware onto the targeted machine. The malware used in the attacks can spread to other systems via removable USB drives. In some of the attacks, other tools were used for lateral movement: a fake version of Zoom that stole data files, and a malicious tool that steals Chrome browser cookies.