Apr 8, 2021
In June 2020, Kaspersky researchers uncovered an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. The final payload is a remote administration tool that provides full control over the infected device.
Further analysis suggested that this campaign was conducted by a group related to Cycldek, a Chinese-speaking threat group active since at least 2013, and it represents a major step up in terms of sophistication.
Chinese-speaking threat actors often share their techniques and methodologies with each other, which makes it easier for Kaspersky researchers to hunt for advanced persistent threat (APT) activity related to such well-known cyberespionage groups as LuckyMouse, HoneyMyte, and Cycldek. That’s why, when the researchers saw one of these groups’ best-known tactics – “the DLL side-loading triad” – being used against government and military entities in Vietnam, they immediately took notice.