APT15: Researchers at Lookout have discovered a multi-year hacking campaign that targeted the Uighur ethnic minority in Western China and the Tibetan community. The campaign targeted these individuals with malware that allowed government threat actors to keep an eye on the activities of minority communities within China’s borders and in at least 14 other countries. Lookout stated that it attributed these attacks to APT15 based on the use of Android malware previously used by APT15 and on infrastructure shared between the new tools and the original Android tool they analyzed. APT15 has been known in the past to use tools designed to infect Windows desktops as well as Android devices. Four new hacking tools were discovered, named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle. Furthermore, researchers discovered an unsecured Command and Control (C2) server for GoldenEagle. Analyzing it, they found that the victims during the early stages of the infections were all located around the building of the Xi’an Tianhe Defense Technology Company. It is believed that these early infections surrounding the company were used as tests during the development phase, leading Lookout to believe that the malware was developed by the Defense Technology company and that the company was hired by Chinese Government Intelligence to share information on the location of its victims.