Cyber-Espionage Group Customizes Old, Public Tools

LASER_oneXM

A cyber-espionage threat actor believed to operate from China relies for its activities on publicly available tools; the source code for some of them was released as early as 2007.
Known by different names (APT27, Bronze Union, Emissary Panda, Threat Group 3390, Lucky Mouse, ZipToken, and Iron Tiger), the group has been active since at least 2013 and is interested in collecting data from political, technology, manufacturing, and humanitarian organizations.
Old RATs can still do the trick

One of the utilities the researchers say was used by the Bronze Union group last year is ZxShell - a remote access tool (RAT) whose source code was released in 2007 by its creator, someone called "LZX."
"Although various threat actors have created different variations of the RAT, the version used by BRONZE UNION in 2018 contained some previously unobserved properties," SecureWorks notes in a report shared with BleepingComputer. The update from the China-linked threat actor included a packet redirection tool called HTran and was signed with certificates from Hangzhou Shunwang Technology and its 2013 acquisition Shanghai Hintsoft.
 
