Analysis & Insights

Government

TA428 Targets Government IT Agencies

23 - 30 July 2019

A threat group dubbed TA428 has been targeting government agencies in East Asia since early 2019 to deliver customised malware for espionage purposes. The campaign, known as Operation LagTime IT, uses spear-phishing emails with an RTF attachment containing the MS Office Equation Editor exploit (CVE-2018-0798) to deliver the Cotx Remote Access Tool (RAT). Cotx RAT establishes persistence and acts as a Command and Control (C&C) beacon, which the attacker uses to deliver the Poison Ivy malware via a command shell. Operation LagTime IT is likely a continuation of targeted activity by APT actors aligned with Chinese state interests. This operation may seek to satisfy espionage and intelligence requirements to further China’s strategic interest in the telecommunication and transportation industries.

 

References:

Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
