Government

OceanLotus Targets APAC Countries with New Downloader

29 January - 4 February 2019

OceanLotus (APT 32) has been targeting private-sector organisations across multiple industries, as well as foreign governments, to install a custom downloader known as KerrDown. The initial infection vector is unknown, but the group is prolific in launching spear-phishing and watering-hole attacks that trick users into downloading macro-embedded Microsoft Office documents and RAR archive files. In this campaign, the attached malicious file drops the KerrDown downloader, which retrieves a payload from a remote site. The downloader executes the payload in memory, revealing a variant of the commercial penetration testing tool Cobalt Strike. Cobalt Strike can be used to download and execute additional malware, collect credentials, spy on the user and move laterally across the targeted network.

References:
[1] Tracking OceanLotus’ New Downloader, KerrDown
