Chinese government-linked hacker group APT15 has been found using a new malware called MirageFox that appears to be an upgraded version of an old remote access tool.

According to security researchers at Intezer, APT15’s MirageFox is a new version of the group’s older Mirage RAT, which first appeared in 2012.

The cyberespionage group, also known as RoyalAPT, Vixen Panda, Playful Dragon and Ke3chang, has previously launched attacks against various targets worldwide, including government contractors, military organizations, the oil sector and more.

Similar to other malware samples created by APT15, MirageFox can harvest information such as usernames, CPU information and more. The malware then sends the stolen data to the C2 server, opens a backdoor and waits for a command.

“There is high confidence that MirageFox can be attributed to APT15 due to code and other similarities in the MirageFox binaries,” Intezer researchers said.

APT15 is known for “living off the land”, which means the hackers use readily available online tools and software to carry out their attacks. Once the hackers have infiltrated the victims’ networks, they tailor their malware specifically to the targets. “As is known about APT15, after infiltrating their target, they conduct a lot of reconnaissance work, send the commands from the C&C manually, and will customize their malware components to best suit the environment they have infected.”

Intezer researchers said MirageFox has only recently been uploaded to VirusTotal and has very few detections so far. Another Chinese-linked malware called Reaver, which appears to share minimal code with MirageFox, also has very few detections on VirusTotal.