- Jan 8, 2017
Intrusions Focus on the Engineering and Maritime Sector
Since early 2018, FireEye (including our FireEye as a Service
(FaaS), Mandiant Consulting, and iSIGHT Intelligence teams) has been
tracking an ongoing wave of intrusions targeting engineering and
maritime entities, especially those connected to South China Sea
issues. The campaign is linked to a group of suspected Chinese cyber
espionage actors we have tracked since 2013, dubbed TEMP.Periscope.
The group has also been reported as “Leviathan”
by other security firms.
TTPs and Malware Used
In their recent spike in activity, TEMP.Periscope has leveraged a
relatively large library of malware shared with multiple other
suspected Chinese groups. These tools include:
- AIRBREAK: a JavaScript-based backdoor, also reported as "Orz", that retrieves commands from hidden strings in compromised webpages and from actor-controlled profiles on legitimate services (a dead-drop resolver pattern).
- BADFLICK: a backdoor capable of modifying the file system, spawning a reverse shell, and updating its command and control (C2) configuration.
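The AIRBREAK description above is a dead-drop resolver: the implant never contacts a dedicated C2 host for tasking, it reads a command out of content hidden on a page that looks legitimate. A responder who has captured a suspect page (or a profile page on a legitimate service) can hunt for that tasking by pulling out text that a browser would never render and checking whether it decodes to something command-like. The following is an added example written for this page, not FireEye's code and not AIRBREAK's actual format: the `cmd:` marker, the base64 encoding, and the sample page are all assumptions made for the illustration.

```python
import base64
import re
from html.parser import HTMLParser

# Tags that never get a closing tag; they must not affect the hidden-element stack.
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "col", "source"}

# Loose base64 shape: at least 8 alphabet characters plus optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


class HiddenTextCollector(HTMLParser):
    """Collect text a browser would not display: HTML comments and the contents
    of elements carrying a `hidden` attribute or inline `display:none`."""

    def __init__(self):
        super().__init__()
        self.stack = []      # one bool per open element: is it hidden?
        self.fragments = []  # every piece of non-rendered text we saw

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        self.stack.append("hidden" in a or "display:none" in style)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.stack:
            self.stack.pop()

    def handle_data(self, data):
        # Text inside any hidden ancestor is invisible to the user.
        if any(self.stack):
            self.fragments.append(data.strip())

    def handle_comment(self, data):
        self.fragments.append(data.strip())


def decode_tasking(fragment, marker):
    """Return the decoded command if `fragment` is `marker` followed by
    base64, otherwise None. Marker and encoding are assumptions for this
    example, not a real implant's format."""
    if not fragment.startswith(marker):
        return None
    blob = fragment[len(marker):].strip()
    if not B64_RE.match(blob):
        return None
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_dead_drop_commands(html, marker="cmd:"):
    """Scan a captured page for hidden, marker-prefixed base64 tasking and
    return the decoded commands in document order."""
    parser = HiddenTextCollector()
    parser.feed(html)
    parser.close()
    commands = []
    for fragment in parser.fragments:
        for line in fragment.splitlines():
            cmd = decode_tasking(line.strip(), marker)
            if cmd is not None:
                commands.append(cmd)
    return commands


# Constructed sample of a compromised page: two hidden tasking strings, one
# hidden element that is not tasking, and one visible string that must be
# ignored because a dead drop hides its content from ordinary visitors.
SAMPLE_PAGE = """<html><head><title>Marine Engineering News</title></head>
<body>
<p>Welcome to our site.</p>
<!-- cmd:d2hvYW1p -->
<div style="display:none">cmd:c2xlZXAgMzYwMA==</div>
<div hidden><span>not base64 at all</span></div>
<p>Visible text: cmd:ZWNobyBoaQ==</p>
</body></html>"""

if __name__ == "__main__":
    for command in extract_dead_drop_commands(SAMPLE_PAGE):
        print("hidden tasking:", command)
```

Running the block against the sample prints `whoami` and `sleep 3600`; the visible `cmd:` string is deliberately excluded, since tasking that renders on the page is not how this technique stays quiet. In a real investigation the marker is unknown up front, so the same `HiddenTextCollector` output is worth reviewing with a looser filter (any hidden fragment that matches `B64_RE`) before settling on a signature for the specific implant.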