The campaign consists of a series of attacks against the customer-support agents of Southeast Asian firms, delivered through chat-support applications such as Comm100 and LiveHelp100.
ChattyGoblin’s connection to China
The infection chain delivers a C# dropper to the support agent through the chat application. The dropper retrieves and runs a second C# executable, which acts only as a conduit: its job is to drop a Cobalt Strike beacon onto the compromised workstation.
In October 2022, CrowdStrike reported a trojanized Comm100 installer being used to spread malware. Researchers attributed that supply chain attack to a threat actor with ties to China.
That earlier campaign is reported to have targeted firms in Europe and North America across the industrial, technology, healthcare, insurance, manufacturing, and telecommunications sectors.
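The chain described above (a first-stage executable received through a chat session that writes and then launches a second stage from a user-writable directory) can be hunted for in process telemetry. The following is an added example written for this page; it is not code from the article, from ESET or from CrowdStrike. The events are constructed Sysmon-style records, the chat-agent process name and every file path are hypothetical, and the final Cobalt Strike beacon stage is deliberately not modelled because the article gives no detail about how it is loaded.

```python
"""Hunt for a two-stage dropper chain in process-creation events.

Added example, not from the original article or from ESET/CrowdStrike.
It flags the generic pattern the text describes: a first executable run
from a user-writable directory spawning a second executable that the
first one wrote moments earlier. All events are constructed; the
process names and paths are hypothetical placeholders.
"""
import re
from collections import defaultdict

# Paths a standard user can write to. A payload received over a chat
# session and the second stage it drops both tend to live here.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\(downloads|appdata\\local\\temp)|programdata)\\",
    re.IGNORECASE,
)

# Constructed Sysmon-style events for this example (not real telemetry).
# "image" is the process executable; "target" is the file written (FileCreate only).
EVENTS = [
    {"type": "ProcessCreate", "pid": 100, "ppid": 50,
     "image": r"C:\Program Files\HypotheticalChatAgent\agent.exe"},
    # Stage 1: executable saved from the chat session and run by the agent.
    {"type": "ProcessCreate", "pid": 200, "ppid": 100,
     "image": r"C:\Users\alice\Downloads\complaint_details.exe"},
    # Stage 1 writes stage 2 into %TEMP%.
    {"type": "FileCreate", "pid": 200,
     "image": r"C:\Users\alice\Downloads\complaint_details.exe",
     "target": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    # Stage 2 launched by stage 1.
    {"type": "ProcessCreate", "pid": 300, "ppid": 200,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    # Benign: a downloaded installer handing off to msiexec from System32.
    {"type": "ProcessCreate", "pid": 400, "ppid": 100,
     "image": r"C:\Users\alice\Downloads\vendor_setup.exe"},
    {"type": "ProcessCreate", "pid": 401, "ppid": 400,
     "image": r"C:\Windows\System32\msiexec.exe"},
]


def is_user_writable(path):
    """True when the executable lives in a directory a normal user can write to."""
    return bool(USER_WRITABLE.match(path))


def find_dropper_chains(events):
    """Return each process launch matching the two-stage pattern.

    Conditions: the parent runs from a user-writable path, the child runs
    from a user-writable path, and the parent itself wrote the child's
    image before launching it. Events are assumed to be in time order.
    """
    image_by_pid = {}
    written_by_pid = defaultdict(set)
    findings = []
    for ev in events:
        if ev["type"] == "FileCreate":
            written_by_pid[ev["pid"]].add(ev["target"].lower())
        elif ev["type"] == "ProcessCreate":
            image_by_pid[ev["pid"]] = ev["image"]
            parent = image_by_pid.get(ev["ppid"])
            if (parent is not None
                    and is_user_writable(parent)
                    and is_user_writable(ev["image"])
                    and ev["image"].lower() in written_by_pid[ev["ppid"]]):
                findings.append({
                    "stage1": parent, "stage1_pid": ev["ppid"],
                    "stage2": ev["image"], "stage2_pid": ev["pid"],
                })
    return findings


if __name__ == "__main__":
    for f in find_dropper_chains(EVENTS):
        print(f"dropper chain: {f['stage1']} (pid {f['stage1_pid']}) "
              f"wrote and launched {f['stage2']} (pid {f['stage2_pid']})")
```

Requiring the parent to have written the child's image is what keeps the rule quiet on the common benign case of a downloaded installer spawning a system binary; only the Downloads-to-Temp chain is reported. In a real deployment the user-writable path list and the parent-process allow-list would need tuning to the environment.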
Other active APT organizations
ESET recently released its APT Activity Report Q4 2022-Q1 2023, a detailed report covering several campaigns, including Operation ChattyGoblin. Other campaigns described in the report include:
The report goes into depth on operations by Donot Team and SideWinder against government organizations in South Asia.
A series of minor attacks was attributed to Confucius, an India-aligned APT group active since 2013 that is believed to have ties to the Patchwork group.
In January, the North Korean-backed Lazarus Group attacked an unidentified Indian data management services firm with an Accenture-themed social engineering lure.
OilRig, an Iranian threat actor, deployed a new custom implant, Mango, against an Israeli healthcare organization.
Summary
Operation ChattyGoblin went unnoticed for over a year, which suggests that the group behind it uses effective evasion techniques. More broadly, the operations outlined in ESET's report are typical of ongoing APT activity worldwide and show that these groups continually refine their TTPs. To withstand such attacks, organizations should proactively strengthen their defenses.