The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojans (RAT) to backdoor their networks. HyperBro helps the threat actors maintain persistence on the victims’ networks by acting as an in-memory backdoor with remote administration capabilities. he agency said the threat group’s goal is to steal sensitive information and may also attempt to target their victims’ customers in supply chain attacks. “The Federal Office for the Protection of the Constitution (BfV) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies,” the BfV said. “It cannot be ruled out that the actors, in addition to stealing business secrets and intellectual property, also try to infiltrate the networks of (corporate) customers or service providers (supply chain attack).”
Analyst Notes
So far this threat actor is mainly targeting German organizations, but the scope of their attacks could at some point widen to include targets in other countries. To be on the safe side, make sure of the IOCs and Yara rules published by BfV that are cited in this article to check for HyperBro infections and connections to APT27 C2 servers. It is in German language, but you should still be able to find the IOC section in this document: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2022-01-bfv-cyber-brief.pdf
https://www.bleepingcomputer.com/news/security/german-govt-warns-of-apt27-hackers-backdooring-business-networks/
