

The threat group has previously used newsworthy events as lures to deliver malware.

A Cyber Campaign Likely Intended to Monitor Hong Kong Media During a Period of Crisis

The attack is part of a trend where threat groups hide malicious activity by communicating with legitimate web services such as social networking and cloud storage sites to foil detection efforts. We collaborated with Dropbox to investigate the threat, and our cooperation revealed what may be a second, similar operation. LOWBALL abuses the Dropbox cloud storage service for command and control (CnC).


The email messages contained malicious documents with a malware payload called LOWBALL. A China-based cyber threat group, which FireEye tracks as an uncategorized advanced persistent threat (APT) group and other researchers refer to as may have conducted the activity. FireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations.
