The Chinese threat actor APT27, which has been active since 2010 and has primarily focused on cyber-espionage campaigns for the Chinese, has been linked to a ransomware attack. Researchers at Profero and Security Joes released a report on the incident outlining their analysis of ransomware operations that were seen targeting five online gambling companies. All five of the attacks were carried out using malware samples linked to DRBControl, a campaign from earlier this year that Trend Micro linked to APT27. The researchers found samples of the Clambling backdoor, the ASPXSpy webshell, and the PlugX remote access trojan, all of which APT27 has used in the past. The threat actor also leveraged an older Google Updater executable that was vulnerable to DLL side-loading, and used a vulnerability from 2017, CVE-2017-0213, to escalate privileges on the machine.