Dropbox Used to Mask Malware Movement in Cyberespionage Campaign
#1
Information 
Quote:Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control (C2) communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council (NSC), researchers have found.
 
According to a report published by Check Point Research (CPR) on Thursday, this is just the latest in a long-running operation that goes back as far as 2014, when the same threat actors also targeted the Central-Asian countries of Kyrgyzstan and Uzbekistan.
 
The suspected advanced persistent threat (APT) group has been dubbed IndigoZebra. Kapsersky researchers, for their part, included the APT among the list of Chinese-speaking actors listed in its APT Trends report for the second quarter of 2017.
 
At the time, Kaspersky said that the IndigoZebra campaign was targeting former Soviet Republics with “a wide swath of malware including Meterpreter, Poison Ivy, xDown, and a previously unknown malware called ‘xCaon’.” According to Kaspersky’s 2017 report, the campaign shared ties with other well-known Chinese-speaking actors, though no definitive attribution was made at the time.
 
According to CPR, Thursday’s report is the first time that a fuller set of technical details relating to the operation have been publicly disclosed. Its report includes analysis of the xCaon backdoor, as well as the latest version, which CPR has christened BoxCaon and which uses the Dropbox cloud-storage service as a C2 server.

Read more: Ongoing Spearphishing Campaign Targets Afghan Gov’t | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
Dropbox Used to Mask Malware Movement in Cyberespionage Campaign - by silversurfer - 02 July 21, 17:59

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07
AirVPN Christmas Sale 2024!
AirVPN CHRISTMAS SAL...jasonX — 07:52
ON1 Software
ON1 Photo RAW 2025.1...jasonX — 06:29

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>