Researchers uncovered the OceanLotus Group targeting the top management of an Asian firm in a campaign titled “Operation Cobalt Kitty.” The group hacked into 40 computers and servers belonging to the company over the course of a year before the attacks were detected. Researchers noted that the hacker group was highly adaptive and continued to update its attack to avoid security detection. To conduct the attacks, the hackers used a combination of publicly available hacking tools and 6 “undocumented custom-built tools,” which according to researchers are the group’s “signature tools.” “Among these tools are two backdoors that leveraged DLL hijacking attacks against legitimate Microsoft, Google and Kaspersky applications. In addition, they developed a novel and stealthy backdoor that targets Microsoft Outlook for command-and-control channel and data exfiltration,” researchers said. The group has predominantly targeted Asian organizations across China, Vietnam and the Philippines.

cyware.com
