WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware

SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia.

The experts believe the group's activity is espionage-related and that WIP19 is a Chinese-speaking threat actor.

The threat cluster has some overlap with Operation Shadow Force but utilizes new malware and techniques.

WIP19 utilizes a legitimate, stolen certificate to sign novel malware, including SQLMaggie, ScreenCap and a credential dumper.

Precision targeting of critical infrastructure industries indicates espionage-related activity by an unattributed Chinese-speaking threat group.
