ATTACKER: Actors Behind Blackgear Campaign Update C2 Methods

On July 17th, Trend Micro reported new activity from the actors behind the Blackgear campaign. Blackgear is an ongoing targeted attack against organizations mainly in Japan, South Korea, and Taiwan. It has been active since at least 2008, when Protux, a malware family used in the Blackgear campaign, was discovered in spear phishing emails sent to Tibetan activists. The campaign relies mainly on spear phishing for delivery and on multiple stages of malware (binder, downloader, backdoor) for infection. In the most recent Trend Micro report, the malware used by the Blackgear actors (Protux and Marade) advanced its command and control methods by downloading its configuration from posts on legitimate social media sites. The Trend Micro article includes screenshots of Facebook posts containing strings disguised as magnet links that actually carried the command and control data; the magnet-link disguise is intended to avoid antivirus detection. Once the malware retrieves the fake magnet link, it decrypts the string to recover its command and control configuration. Trend Micro also published the command interface that Protux operators use to control an infected host. In it, the tool appeared […]