A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan.
The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name
Grayling. Evidence shows that the campaign began in February 2023 and continued until at least May 2023.
Also likely targeted as part of the activity is a government agency located in the Pacific Islands, as well as entities in Vietnam and the U.S.
"This activity stood out due to the use by Grayling of a distinctive DLL side-loading technique that uses a custom decryptor to deploy payloads," the company
said in a report shared with The Hacker News. "The motivation driving this activity appears to be intelligence gathering."
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
