Researchers have spotted a fresh Waterbear campaign in which Taiwanese government agencies have been targeted in sophisticated attacks.
According to
CyCraft researchers, the attacks took place in April 2020, but in an interesting twist, the threat group responsible leveraged malware already present on compromised servers -- due to past attacks -- in order to deploy malware.
CyCraft says a vulnerability was exploited in a common and trusted data loss prevention (DLP) tool in order to load Waterbear. The job was made easier as malware leftover from previous attacks on the same targets had not been fully eradicated.
The attackers have been tracked in attempts to use stolen credentials to access a target network. In some examples, endpoints were still compromised from past attacks, and this was leveraged to access the victim's internal network and covertly establish a connection to the group's command-and-control (C2) server.
