In June 2020, Kaspersky researchers uncovered an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. The final payload is a remote administration tool that provides full control over the infected device. Further analysis suggested that this campaign was conducted by a group related to Cycldek, a Chinese-speaking threat group active since at least 2013, and it represents a major step up in terms of sophistication.
Chinese-speaking threat actors often share their techniques and methodologies with each other, which makes it easier for Kaspersky researchers to hunt for advanced persistent threat (APT) activity related to such well-known cyberespionage groups as LuckyMouse, HoneyMyte, and Cycldek. That’s why, when they saw one of their most well-known tactics, “the DLL side-loading triad”, targeting government and military entities in Vietnam, they immediately took notice.
Apr 8, 2021
Vietnamese hack signals major leap in APAC cyber espionage campaigns
A cyber attack largely targeting Vietnamese recipients has indicated that Chinese-speaking threat actors could potentially be expanding the scope of their cyber espionage campaigns.
This is according to cyber security vendor Kaspersky, which claimed the trend was highlighted in a cyber campaign in June 2020, where a group related to the Chinese-speaking threat actor Cycldek allegedly went after Vietnam’s government and military sectors, as well as other targets in Central Asia and Thailand.