Security researchers at Kaspersky have identified a Chinese-speaking threat actor called APT10 deploying sophisticated, fileless backdoors. The attacks target think tanks and media, diplomatic, governmental, and public sector organizations. Kaspersky states that the campaign has been active since at least March. The company has been tracking the LodeInfo malware family since 2019 and detailed the recent findings in two blog posts. The attacks were discovered during a two-part investigation into the threat.
Kaspersky stated that the group’s primary goal is espionage and that it primarily targets Japanese organizations. According to the security researchers, the LodeInfo malware is constantly updated and modified to include new anti-detection features and infection vectors. As a result, it is difficult to maintain a clear view of its use and deployment, and more attacks may have occurred that are yet to be identified.