Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike
Oct 06, 2023
Cyber Attack / Malware
Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons.

The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.

An alternate attack sequence is said to have utilized a previously undocumented malware downloader to deploy Cobalt Strike, indicating that the threat actors devised multiple approaches to infiltrate targets of interest.

The Dutch cybersecurity firm attributed the campaign to a China-linked threat actor owing to the use of HyperBro, which has been almost exclusively put to use by a threat actor known as Lucky Mouse (aka APT27, Budworm, and Emissary Panda).

Tactical overlaps have also been unearthed between the adversary behind the attacks and another cluster tracked by Rec...