'How a New Cyber Espionage Weapon in Southeast Asian Government Got Detected' by CheckPointSW checkpoint cybersecurity
Check Point Research warns of a new cyber espionage weapon being used by a Chinese threat group, after it identified and blocked an ongoing surveillance operation targeting a Southeast Asian government. Over the course of three years, the attackers developed a previously unknown backdoor into the Windows software running on the personal computers of its victims, enabling capabilities of live-espionage, such as screenshotting, editing files and running commands.
Attackers began by sending weaponized documents, impersonating other entities within the same government, to multiple members of the target government’s Ministry of Foreign Affairs CPR suspects that the purpose of the operation is espionage through the installation of a previously unknown backdoor into the Windows software running on personal computers of victims. After the backdoor is installed, the attackers can collect nearly any information they want, as well as take screenshots and execute additional malware on a target’s personal computer.