The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.
This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojans (RAT) to backdoor their networks.
HyperBro helps the threat actors maintain persistence on the victims' networks by acting as an in-memory backdoor with remote administration capabilities.
The agency said the threat group's goal is to steal sensitive information and may also attempt to target their victims' customers in supply chain attacks.
"The Federal Office for the Protection of the Constitution (BfV) has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies," the BfV
said.
"It cannot be ruled out that the actors, in addition to stealing business secrets and intellectual property, also try to infiltrate the networks of (corporate) customers or service providers (supply chain attack)."
The BfV also published
indicators of compromise (IOCs) and YARA rules to help targeted German organizations to check for HyperBro infections and connections to APT27 command-and-control (C2) servers.
