China: Two separate campaigns were identified by researchers at Proofpoint that was attributed to the Chinese Advanced Persistent Threat (APT) known as TA413. The spear-phishing campaigns which were identified in March and July used a new Remote Access Trojan (RAT) that was dubbed Sepulcher. The attack in March was against the World Health Organization. During that period, many Chinese threat actors shifted their focus to stealing COVID-19 research. The second attack in July targeted Tibetan dissidents, which is the standard target for TA413. Researchers at Proofpoint managed to link the attacks to the APT through the sender email address that what used. The Sepulcher malware is considered a basic RAT and its main functions are for reconnaissance activity. The RAT is also able to do more active functions such as creating directories, moving file source to destination, spawning a shell to execute commands, terminating a process, restarting a service, changing a service start type, and deleting a service.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in