Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

APT24, a Chinese threat actor, has run a three-year cyberespionage campaign that combines supply chain attacks, social engineering, and compromises of legitimate websites. The campaign shows the group's use of custom malware such as BadAudio and its willingness to change tactics over time. #APT24 #BadAudio #CobaltStrike #SupplyChainAttack

Keypoints

  • APT24 has been active since at least 2008, employing spear phishing and social engineering.
  • The group has more recently expanded its techniques to include supply chain attacks and web compromises.
  • It uses a custom C++ downloader called BadAudio to fetch and execute encrypted payloads.
  • Over 20 websites were compromised to deliver malicious JavaScript payloads to visitors on Windows systems.
  • The campaign repeatedly re-compromised a digital marketing firm in Taiwan, affecting over 1,000 domains.

Read More: https://www.securityweek.com/chinese-cyberspies-deploy-badaudio-malware-via-supply-chain-attacks/