Chinese language cyberespionage group Billbug has revamped its assault toolkit with new malware payloads in a wide-reaching marketing campaign focusing on a number of organizations in Southeast Asia. The brand new instruments, which embody credential stealers, a reverse shell, and an up to date backdoor, have been noticed in assaults that lasted from August to February.
“Targets included a authorities ministry, an air visitors management group, a telecoms operator, and a building firm,” researchers from Broadcom’s Symantec division wrote in a report on the exercise. “Along with this, the group staged an intrusion towards a information company positioned abroad in Southeast Asia and an air freight group positioned in one other neighboring nation.”
Billbug, additionally identified within the security business as Lotus Blossom, Lotus Panda, Bronze Elgin, or Spring Dragon, is a cyberespionage group with suspected ties to the Chinese language authorities that’s targeted on acquiring intelligence from different Asian nations. It has been working since at the very least 2009, primarily focusing on authorities and navy organizations.
