China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons
Aug 17, 2023
Cyber Attack / Malware
An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived ransomware families as a smokescreen to conceal its espionage motives. "The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons," security researchers Aleksandar Milenkoski and Tom Hegel said in an analysis published today. It also bears noting that the campaign exhibits overlaps with an intrusion set monitored by ESET under the name Operation ChattyGoblin . This activity, in turn, shares commonalities with a supply chain attack tha...