Intrusions targeting a high-level Southeast Asian government agency have been deployed by three clusters of Chinese state-backed hackers over nearly two years as part of the Crimson Palace cyberespionage campaign aimed at exfiltrating intelligence pertaining to the country's strategy on the territorial dispute in the South China Sea, according to The Record, a news site by cybersecurity firm Recorded Future.
APT15 and Earth Longzhi, a subset of APT41, had tactics similar to two of the identified attack clusters that have been coordinating efforts to compromise the targeted organization, which had its network subjected to the clusters' testing of various tools and techniques, a report from Sophos revealed. Additional surveillance operations are also being attempted by at least one of the discovered clusters, said the report.
"We have multiple threat groups, likely with unlimited resources, targeting the same high-level government organization for weeks or months at a time, and they are using advanced custom malware intertwined with publicly available tools," said Sophos Director of Threat Hunting and Threat Intelligence Paul Jaramillo.
