Government

TA428 Targets Government IT Agencies

23 - 30 July 2019

A threat group dubbed TA428 has been targeting government agencies in East Asia since early 2019 to deliver customised malware for espionage purposes. The campaign, known as Operation LagTime IT, uses spear-phishing emails carrying an RTF attachment that contains the Microsoft Office Equation Editor exploit (CVE-2018-0798) to deliver the Cotx Remote Access Tool (RAT). Cotx RAT establishes persistence and acts as a command-and-control (C&C) beacon through which the attacker delivers the Poison Ivy malware via a command shell. Operation LagTime IT is likely a continuation of targeted activity by APT actors aligned with Chinese state interests. This operation may seek to satisfy espionage and intelligence requirements that further China's strategic interest in the telecommunications and transportation industries.
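As an added defender-side illustration (not part of the original bulletin or of the referenced Proofpoint report): a small Python triage check that flags RTF email attachments embedding an Equation Editor OLE object, the delivery vector described above. The sample RTF byte strings are constructed for the example; the ProgID `Equation.3` and the CLSID are the identifiers of the Microsoft Equation Editor 3.0 OLE server, and the finding labels are this example's own naming.

```python
import re

# Microsoft Equation Editor 3.0 identifiers: its OLE ProgID and its CLSID
# {0002CE02-0000-0000-C000-000000000046} as laid out in binary OLE data.
EQUATION_PROGID = b"Equation.3"
EQUATION_CLSID_BIN = bytes.fromhex("02ce02000000000000c000000000000046")
OBJCLASS_RE = re.compile(rb"\\objclass\s+([A-Za-z0-9.]+)")
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")

def decode_objdata(rtf: bytes) -> list:
    """Return the decoded bytes of every \\objdata hex blob in the RTF."""
    blobs = []
    for match in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s", b"", match.group(1))
        if len(hexstr) % 2:  # tolerate a dangling nibble
            hexstr = hexstr[:-1]
        blobs.append(bytes.fromhex(hexstr.decode("ascii")))
    return blobs

def triage_rtf(data: bytes) -> dict:
    """Flag an RTF attachment that embeds an Equation Editor OLE object."""
    findings = []
    if not data.startswith(b"{\\rt"):
        return {"is_rtf": False, "suspicious": False, "findings": []}
    if not data.startswith(b"{\\rtf1"):
        # Word still opens a file with this truncated header; treat it as a signal
        findings.append("truncated-rtf-header")
    if any(EQUATION_PROGID.lower() in c.lower() for c in OBJCLASS_RE.findall(data)):
        findings.append("objclass-equation")
    for blob in decode_objdata(data):
        if EQUATION_PROGID in blob:
            findings.append("objdata-equation-progid")
        if EQUATION_CLSID_BIN in blob:
            findings.append("objdata-equation-clsid")
    return {"is_rtf": True, "suspicious": bool(findings), "findings": findings}

# Constructed samples (not real campaign files): a benign document, one that
# declares the Equation Editor class openly, and one that hides the ProgID in
# the hex-encoded object data behind a truncated header.
BENIGN_RTF = b"{\\rtf1\\ansi Quarterly budget notes.\\par}"
LURE_OBJCLASS = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}"
                 b"{\\*\\objdata 0105000002000000}}\\par}")
LURE_HIDDEN = (b"{\\rt{\\object\\objemb{\\*\\objdata "
               + b"Equation.3".hex().encode("ascii") + b"}}\\par}")

for name, sample in [("benign", BENIGN_RTF), ("objclass", LURE_OBJCLASS), ("hidden", LURE_HIDDEN)]:
    print(name, triage_rtf(sample))
```

A hit on any finding is a reason to detonate the attachment in a sandbox rather than a verdict on its own, since legitimate documents can embed equations.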


References:

Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
