from randomname@scribe.disroot.org to cybersecurity@infosec.pub on 07 Oct 07:40
https://scribe.disroot.org/post/4943657
cross-posted from: scribe.disroot.org/post/4943635
Here is the technical report: CN APT targets Serbian Government
A suspected China-linked cyber-espionage campaign has targeted a Serbian government department overseeing aviation, as well as other European institutions, according to new research from the cybersecurity firm StrikeReady.
The campaign began in late September with phishing emails sent to a Serbian government office. Further analysis uncovered similar malicious activity in Hungary, Belgium, Italy and the Netherlands.
Victims who clicked on links in the phishing emails were redirected to fake Cloudflare verification pages — a tactic often used to make malicious sites appear legitimate before delivering malware.
The decoy documents used in the campaign included files themed around European government business, such as a study plan from Serbia’s National Academy of Public Administration, a European Commission meeting agenda, and an invitation to the European Political Community summit.
…
Similar tools and tactics have been seen in other China-linked operations, according to StrikeReady. In August, Google researchers uncovered an espionage campaign attributed to the Chinese group UNC6384, which targeted diplomats in Southeast Asia using Sogu to steal data and execute remote commands. The hackers also deployed PlugX through decoy documents mimicking EU Council meeting agendas.
…
Researchers said China-linked actors also used PlugX last year to spy on European healthcare organizations, and that PlugX infections were detected in more than 170 countries in 2024.
It remains unclear what information was accessed in the latest campaign reported by StrikeReady, or whether the attackers achieved their objectives.