Bitdefender researchers uncovered EggStreme, a sophisticated fileless malware framework used by a Chinese APT group to target a Philippine military company, highlighting evolving espionage techniques amid geopolitical tensions in the South China Sea. The framework’s multi-stage, memory-based approach makes it highly stealthy and persistent, emphasizing the strategic importance of the targeted organization. #EggStreme #ChineseAPT
Key points
- EggStreme is a modular, multi-stage fileless malware framework designed for stealth and persistence.
- The attack begins with EggStremeFuel, which loads subsequent malicious payloads through DLL sideloading.
- EggStremeAgent, the central component, operates as a backdoor with 58 commands for advanced espionage activities.
- The framework uses in-memory payloads and DLL sideloading to evade detection and remain persistent.
- The targeting of a Philippine military organization indicates a focus on geopolitical espionage rather than financial gain.
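A defender reading the points above will want a concrete way to surface the DLL sideloading step that the summary mentions: a system DLL name resolving from the loading executable's own directory rather than from a Windows or Program Files location. The following heuristic detector is an added example, not code from Bitdefender or the EggStreme report. It assumes image-load telemetry shaped roughly like Sysmon Event ID 7 (loading process path, loaded DLL path, signature status); the event records and the list of system DLL names are constructed for illustration.

```python
"""Heuristic triage of image-load events for DLL sideloading.

Added example (not from the Bitdefender report). Assumes image-load events
with the loading process path, the DLL path and a signature flag; the
sample events and KNOWN_SYSTEM_DLLS below are constructed.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Constructed: DLL names that normally resolve from a Windows system directory.
# A loader picking one of these up from its own folder is the classic sideload shape.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "profapi.dll"}

# Directories from which a system DLL is expected to load (lowercase prefixes).
TRUSTED_DIR_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class ImageLoad:
    process_image: str  # full path of the executable that mapped the DLL
    loaded_image: str   # full path of the DLL that was mapped
    signed: bool        # whether the DLL carried a valid Authenticode signature


def _dirname_lower(path: str) -> str:
    """Case-insensitive directory part of a Windows path (ntpath works on any OS)."""
    return ntpath.dirname(path.lower())


def is_sideload_candidate(ev: ImageLoad, system_dlls=KNOWN_SYSTEM_DLLS) -> bool:
    """True when a known system DLL name is loaded from the loading
    executable's own, untrusted directory instead of a system location."""
    dll_name = ntpath.basename(ev.loaded_image).lower()
    if dll_name not in system_dlls:
        return False
    dll_dir = _dirname_lower(ev.loaded_image)
    if (dll_dir + "\\").startswith(TRUSTED_DIR_PREFIXES):
        return False  # resolved from where it belongs
    return dll_dir == _dirname_lower(ev.process_image)


def triage(events: list[ImageLoad]) -> list[tuple[str, str]]:
    """Return (loaded DLL path, severity) for every sideload candidate.
    An unsigned DLL in that position is rated high; a signed one still
    deserves a look, since the sideloaded copy may carry a valid signature."""
    findings = []
    for ev in events:
        if is_sideload_candidate(ev):
            findings.append((ev.loaded_image, "high" if not ev.signed else "medium"))
    return findings


# Constructed sample telemetry: two benign loads, two sideload candidates,
# and one untrusted process legitimately loading from System32.
SAMPLE_EVENTS = [
    ImageLoad("C:\\Windows\\System32\\svchost.exe",
              "C:\\Windows\\System32\\version.dll", signed=True),
    ImageLoad("C:\\Program Files\\Vendor\\app.exe",
              "C:\\Program Files\\Vendor\\helper.dll", signed=True),
    ImageLoad("C:\\Users\\Public\\libs\\updater.exe",
              "C:\\Users\\Public\\libs\\version.dll", signed=False),
    ImageLoad("C:\\ProgramData\\cache\\tool.exe",
              "C:\\ProgramData\\cache\\dbghelp.dll", signed=True),
    ImageLoad("C:\\Users\\Public\\libs\\updater.exe",
              "C:\\Windows\\System32\\wtsapi32.dll", signed=True),
]

if __name__ == "__main__":
    for path, severity in triage(SAMPLE_EVENTS):
        print(f"[{severity}] possible DLL sideload: {path}")
```

The heuristic deliberately keys on the DLL name rather than the executable, because the signed host binary in a sideloading chain is usually a legitimate vendor tool; tuning consists of extending `KNOWN_SYSTEM_DLLS` from your own baseline of System32 contents and adding any internal software directories to `TRUSTED_DIR_PREFIXES`.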