IBM X-Force reports on Hive0154, a China-aligned threat group, reveal its use of malware such as Toneshell9 and SnakeDisk to target specific regions like Thailand. The group employs techniques such as proxy-aware C2 communication and region-specific USB worms, demonstrating persistent and well-developed capabilities. #Hive0154 #Toneshell9 #SnakeDisk
Key points
- Hive0154 is a China-aligned threat actor with a long history of activity and a large malware arsenal.
- Toneshell9 is an upgraded variant designed to blend with legitimate network traffic using proxy-aware C2 communication.
- SnakeDisk is a USB worm that specifically targets devices in Thailand and delivers the Yokai backdoor.
- Yokai establishes persistence via scheduled tasks and supports reverse shells for command execution.
- The malware variants show that Hive0154 maintains ongoing development, continuing to adapt to detection efforts.
Read More: https://securityonline.info/china-aligned-hackers-unleash-upgraded-toneshell-and-new-usb-worm/