Trend Micro researchers uncovered a complex cyber-espionage campaign called TAOTH, targeting Eastern Asian dissidents, journalists, and business leaders through hijacked software updates and spear-phishing. The operation involves multiple malware families, including C6DOOR, GTELAM, DESFY, and TOSHIS, with overlapping infrastructure suggesting a persistent threat group. #TAOTH #CyberEspionage
Key points
- TAOTH uses hijacked software update servers to distribute malware in Eastern Asia.
- Spear-phishing campaigns with politically themed decoys are a primary attack method.
- Several malware families, such as C6DOOR, GTELAM, DESFY, and TOSHIS, are used for espionage and data profiling.
- Victims include dissidents, journalists, researchers, and targeted organizations in multiple countries.
- Analysis shows consistent infrastructure and TTPs, indicating a long-running, targeted threat group.