Researchers at Symantec have identified a new campaign from the group known as Palmerworm or BlackTech. The group has been active since 2013 but has never been attributed to a country. The attacks target organizations in the US, Japan, China, and Taiwan and are aimed at stealing information. The threat actor used living-off-the-land tactics, relying on legitimate software and tools that are pre-installed on operating systems to remain undetected. Previously, the group used spear-phishing to gain entry into a network, but in the most recent campaign the initial infection vector has not been identified. The malware used in this attack has not been used by the threat actor before. Researchers linked the group to these attacks through infrastructure that has been linked to Palmerworm in the past. The group has also used dual-use tools in the past, and they were identified in this campaign as well.