ScatterBrain: Unmasking the Shadow of PoisonPlug’s Obfuscator

Written by: Nino Isakovic


Introduction

Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as “ScatterBrain,” facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PwC.

GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related, threat groups based in the PRC. However, we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41.

GTIG currently tracks three known POISONPLUG variants:

  • POISONPLUG
  • POISONPLUG.DEED
  • POISONPLUG.SHADOW

[Figure: Countries targeted by POISONPLUG.SHADOW]

POISONPLUG.S

[…]