China-linked Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations
Discription

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to target organizations from various sectors across different countries." The cybersecurity firm has described Earth Freybug as a subset within APT41, a China-linked cyber espionage group that's also tracked as Axiom, Brass Typhoon (formerly Barium), Bronze Atlas, HOODOO, Wicked Panda, and Winnti. The adversarial collective is known to rely on a combination of living-off-the-land binaries (LOLBins) and custom malware to realize its goals. Also adopted are techniques like dynamic-link library (DLL) hijacking and application programming interface (API) unhooking. Trend Micro said the activity shares tactical overlaps with a cluster previously disclosed by cybersecurity company Cybereason under the name Operation Cuckoobees, which refers to an intellectual property theft campaign targeting technology and manufacturing companies located in East Asia, Western Europe, and North America. The starting point of the attack chain is the use of a legitimate executable associated with VMware Tools ("vmtoolsd.exe") to create a scheduled task using "schtasks.exe" and deploy a file named "cc.bat" in the remote machine….Read More

Back to Main

Subscribe for the latest news: