ChattyGoblin’s connection to China
The effort is said to have targeted firms in Europe and North America in the industrial, technology, healthcare, insurance, manufacturing, and telecommunications sectors.
CrowdStrike discovered a trojanized Comm100 installer being used to spread malware in October 2022. The ongoing supply chain attack has been connected to a threat actor with ties to China, according to researchers.
Other active APT organizations
ESET recently released a thorough report titled APT Activity Report Q4 2022–Q1 2023, which covered several campaigns, including Operation ChattyGoblin. Other campaigns mentioned in the report include:
The report goes into depth on the attacks carried out by Donot Team and SideWinder against government organizations in South Asia.
Another series of smaller attacks was attributed to Confucius, an Indian APT group that has been active since 2013. The threat group is thought to have ties to the Patchwork group.
In January, the North Korean-backed Lazarus Group attacked an unidentified Indian data management services firm with an Accenture-themed social engineering lure.
OilRig, another Iranian threat actor, deployed a bespoke implant, Mango, against an Israeli healthcare organization.
Operation ChattyGoblin went unnoticed for over a year, which suggests that this group employs advanced evasion techniques. Furthermore, the operations outlined in ESET's report are typical markers of ongoing APT activity throughout the world, implying that APTs are constantly upgrading their TTPs. To resist such attacks, companies should proactively strengthen their defenses.