The QiAnXin Threat Intelligence Center's report details sophisticated multi-year zero-day exploit campaigns by APT groups from Northeast Asia targeting desktop and Android devices for espionage. The attacks include the first known in-the-wild exploitation of the ZipperDown vulnerability and demonstrate evolving payloads and techniques for data exfiltration and account hijacking. #ZipperDown #APTactors
Key points
- The RedDrip team uncovered long-term zero-day campaigns by Northeast Asian APT groups targeting both desktop and Android platforms.
- The campaigns include the first known malicious use of the ZipperDown vulnerability in the wild by threat actors.
- Attackers use crafted emails with malicious attachments to trigger exploits like ZipperDown on Android devices.
- Payloads have evolved from backdoor modules to complex data exfiltration malware, including account token theft and passwordless account takeover.
- The operations highlight escalating mobile espionage, potentially linked to state-sponsored intelligence activities in the region.