China-linked APT24 hackers have been using the sophisticated and previously undocumented BadAudio malware in a three-year espionage campaign targeting Windows systems. Their methods evolved over time, from spearphishing to supply-chain compromises and website injections, to evade detection and conduct targeted espionage. #APT24 #BadAudio #CobaltStrike
Key points
- APT24 has employed a variety of attack techniques including website compromise and spearphishing.
- The BadAudio malware is heavily obfuscated, making detection and analysis difficult.
- Malicious JavaScript injected into compromised websites was used to fingerprint visitors and deliver payloads only to selected targets.
- The campaign involved compromising legitimate websites and supply chains to reach multiple victims.
- Despite its sophistication, some of APT24’s malware samples are only detected by a few antivirus solutions.