According to recent reports by U.S. cybersecurity giant Symantec, the Chinese cyber-espionage group Thrip has attacked companies in the military, telecom and satellite sectors during the past year.
Even though Symantec has publicly exposed the China-based APT, Thrip continues to be a major threat to Southeast Asian entities.
High Profile Southeast Asian Targets
Symantec further reiterated that Thrip has attacked at least 12 high-level targets in maritime, military and satellite communications, and that multiple countries have fallen prey since 2018, including Hong Kong, Indonesia, Malaysia and the Philippines.
The Billbug Link
Thrip, previously known to leverage tools like PsExec, PowerShell and LogMeIn, has recently begun using a previously unseen backdoor known as “Hannotog,” which provides access to compromised systems. Its use of “Sagerunex,” another backdoor that is a more evolved version of the malware “Evora,” suggests a link between Thrip and the Billbug group (aka Lotus Blossom), another Chinese cyber-espionage group operating since 2009.
Stating that Thrip poses a ‘clear and present danger,’ Symantec stressed that organizations should employ appropriate tools and measures to respond to such attacks, because Thrip uses both legitimate and dual-use tools for malware execution, which makes the threat tough to detect and assess.
Thrip is focused solely on organizations within Southeast Asia for the time being, and no evidence has recently been found to suggest that the U.S. is being targeted, but this can change at any moment, Symantec warns.