A recent report uncovers a sophisticated spear-phishing campaign targeting European government and aviation sectors, linked to Chinese state-sponsored threat actors using PlugX malware. The attack involves unique obfuscation tactics and cloud infrastructure to conduct espionage activities. #PlugX #ChineseThreatActors
Key points
- The campaign begins with targeted spear-phishing emails disguised as official communications.
- Malicious ZIP files contain shortcuts that trigger obfuscated PowerShell commands to deploy malware.
- Malware uses DLL sideloading techniques with legitimate executables to hide its activities.
- Command-and-control servers are hosted on Azure domains to evade detection.
- The operation shows continuous evolution, adapting payload extraction methods and linking to known Chinese cyber-espionage groups.
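Two of the key points above describe behaviour that host telemetry can catch: a shortcut launching PowerShell with hiding and encoding flags, and a legitimate executable loading an unsigned DLL from the user-writable folder it was dropped in. The following detection logic is an added example written for this page; it is not code from the report or from any vendor. The event format is a constructed JSON-lines layout whose field names are modelled on Sysmon process-creation (ID 1) and image-load (ID 7) events, and every path, command line and encoded payload in it is a constructed sample, not an indicator from the campaign.

```python
"""Detection rules for the attack chain summarised above (added example).

Events are a constructed JSON-lines format; field names (Image, ParentImage,
CommandLine, ImageLoaded, Signed) are modelled on Sysmon IDs 1 and 7 but the
layout and all values are assumptions made for this example.
"""
import base64
import json
import re

# Constructed encoded command: PowerShell -EncodedCommand takes base64 of
# UTF-16LE text, so decode the same way when triaging.
ENC = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16le")).decode()

# Constructed sample telemetry (not real IoCs): a benign PowerShell run, a
# shortcut-style launch of hidden/encoded PowerShell, a suspicious DLL load
# from a temp folder, and a normal signed DLL load from Program Files.
SAMPLE_EVENTS = "\n".join([
    json.dumps({"id": 1, "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell.exe -NoProfile -Command Get-Date"}),
    json.dumps({"id": 1, "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell.exe -w hidden -nop -ep bypass -enc " + ENC}),
    json.dumps({"id": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\report\viewer.exe",
                "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\report\helper.dll",
                "Signed": "false"}),
    json.dumps({"id": 7, "Image": r"C:\Program Files\App\app.exe",
                "ImageLoaded": r"C:\Program Files\App\lib.dll", "Signed": "true"}),
])

POWERSHELL_RE = re.compile(r"\\(?:powershell|pwsh)\.exe$", re.I)
ENCODED_RE = re.compile(r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{20,})", re.I)
# Each pattern is one obfuscation/hiding indicator; a single one (e.g. -NoProfile
# in a scheduled task) is common, so the rule needs at least two together.
INDICATORS = [
    ENCODED_RE,
    re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    re.compile(r"-nop(?:rofile)?\b", re.I),
    re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
]
# Directories a standard user can write to; a DLL loaded from here by an
# executable in the same directory is the classic sideloading layout.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\", re.I)


def count_indicators(cmdline: str) -> int:
    """Number of distinct hiding/obfuscation indicators in a command line."""
    return sum(1 for pat in INDICATORS if pat.search(cmdline))


def decode_encoded_command(cmdline: str):
    """Return the plaintext of an -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def is_suspicious_powershell(ev: dict) -> bool:
    """PowerShell started from explorer.exe (a double-clicked shortcut looks
    like this) with two or more hiding/obfuscation indicators."""
    if not POWERSHELL_RE.search(ev.get("Image", "")):
        return False
    parent = ev.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    return parent == "explorer.exe" and count_indicators(ev.get("CommandLine", "")) >= 2


def is_possible_sideload(ev: dict) -> bool:
    """Unsigned DLL loaded from the loading executable's own directory, which
    sits in a user-writable location."""
    exe, dll = ev.get("Image", ""), ev.get("ImageLoaded", "")
    same_dir = exe.rsplit("\\", 1)[0].lower() == dll.rsplit("\\", 1)[0].lower()
    unsigned = ev.get("Signed", "").lower() == "false"
    return unsigned and same_dir and bool(USER_WRITABLE_RE.match(dll))


def analyse(jsonl: str) -> list:
    """Run both rules over JSON-lines telemetry and return the findings."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("id") == 1 and is_suspicious_powershell(ev):
            findings.append({"rule": "shortcut_style_obfuscated_powershell",
                             "decoded": decode_encoded_command(ev["CommandLine"])})
        elif ev.get("id") == 7 and is_possible_sideload(ev):
            findings.append({"rule": "possible_dll_sideload", "dll": ev["ImageLoaded"]})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Decoding the `-EncodedCommand` argument is what turns the "obfuscated PowerShell" alert into something an analyst can read, and the two-indicator threshold keeps ordinary `-NoProfile` invocations out of the queue. The sideload rule is deliberately narrow (unsigned, same directory, user-writable path); widening it to Program Files would catch more but needs an allow-list of known unsigned vendor DLLs first.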