Over a dozen military-industrial enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022, in a campaign that deploys six different backdoors simultaneously to steal confidential data.
Russian cybersecurity firm Kaspersky attributed the attacks “with a high degree of confidence” to a China-linked threat actor tracked by Proofpoint as TA428, citing overlaps in tactics, techniques, and procedures (TTPs).
TA428, also known by the names Bronze Dudley, Temp.Hex, and Vicious Panda, has a history of striking entities in Ukraine, Russia, Belarus, and Mongolia. It’s believed to share connections with another hacking group called Mustang Panda (aka Bronze President).
Targets of the latest cyber espionage campaign included industrial plants, design bureaus and research institutes, government agencies, ministries and departments in several East European countries and Afghanistan.
Attack chains begin with penetration of the enterprise IT network via carefully crafted phishing emails, some of which referenced non-public information about the targeted organization, to trick recipients into opening rogue Microsoft Word documents.