New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

China Chopper Continues to be Used

China Chopper: The China Chopper tool, which was previously used in the “Operation Soft Cell” against the telecommunications industry is still being used. Used by groups such as China-sponsored APT10 and Leviathan, the web shell has been around for approximately nine years. The tool allows malicious actors to remotely control a targeted system that uses a client-side application which contains all the Logic required to control the target. The first attack seen with China Chopper stole confidential documents off of a server and the second attack deployed ransomware. This tool was originally used by state-sponsored actors, and through the years it has started to be used by more and more nation-state and cybercriminal groups. Though the threat landscape is constantly changing, some things continue to work no matter their age.

Analyst Notes

It is projected that the tool will continue to be used by threat actors and even potentially increase in use in the coming years. The tool has proven to work in the past, which is why it is so sought after even after nine years of being available.