China-linked LapDogs campaign drops backdoor with fake certs, targeting mainly Small Office/Home Office (SOHO) devices (securityscorecard.com)
from Hotznplotzn@lemmy.sdf.org to cybersecurity@infosec.pub on 24 Jun 04:58
https://lemmy.sdf.org/post/37319325

cross-posted from: lemmy.sdf.org/post/37319322

Archived

Full report (pdf)

Key Takeaways:

  • Over 1,000 actively infected nodes
  • Targets are highly localized in the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan
  • Victims in real estate, IT, networking, media and more
  • LapDogs leverages a custom backdoor named “ShortLeash,” which establishes a foothold on compromised devices and enables the hackers to act covertly
  • Small Office/Home Office (SOHO) devices are mainly targeted
  • Campaign growth is deliberate, beginning September 2023 and expanding with methodical tasking
  • LapDogs shares commonalities with some prolific China-Nexus ORB networks, most notably PolarEdge, while conclusively standing out as an independent ORB

#cybersecurity