New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
Sep 25, 2023
Malware Attack / Cyber Threat
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.

"While this activity occurred around the same time and in some instances even simultaneously on the same victims' machines, each cluster is characterized by distinct tools, modus operandi, and infrastructure," Palo Alto Networks Unit 42 researchers Lior Rochberger, Tom Fakterman, and Robert Falcone said in an exhaustive three-part report.

The attacks, which targeted different governmental entities such as critical infrastructure, public healthcare institutions, public financial administrators and ministries, have been attributed with moderate confidence to three disparate clusters tracked as Stately Taurus (aka Mustang Panda), Alloy Taurus (aka Granite Typhoon), and Gelsemium.

Mustang Panda Uses TONESHELL Variant and ShadowPad

"The attackers conducted a cyberespionage operation th