

What are WyrmSpy and DragonEgg surveillanceware?

WyrmSpy and DragonEgg are two advanced Android surveillanceware that Lookout attributes to high-profile Chinese threat group APT41, also known as Double Dragon, BARIUM, and Winnti. While APT41 is mostly known for exploiting web-facing applications and infiltrating traditional endpoint devices, these malware are rare reported instances of the group exploiting mobile platforms. Lookout Threat Lab researchers have been actively tracking both spyware and providing coverage to Lookout Mobile Endpoint Security customers. We provided the first detailed write-up of WyrmSpy to our Threat Intelligence Services subscribers in October 2020. The Lookout Security Graph first ingested samples of WyrmSpy in 2017, while DragonEgg was first detected in early 2021 and our latest example dates to April 2023.

Both surveillanceware appear to have sophisticated data collection and exfiltration capabilities and hide those functions in additional modules that are downloaded after they are installed. WyrmSpy primarily masquerades as a default operating system app, while DragonEgg pretends to be third-party keyboard or messaging apps.

APT41 is a state-sponsored APT espionage group based in the People’s Republic of China that has been active since 2012. Unlike many nation-state-backed APT groups, APT41 has a track record of compromising both government organizations for espionage, as well as different private enterprises for financial gain.

According to U.S. grand jury indictments from 20, the group was involved in compromising over 100 public and private organizations, and individuals in the United States and around the world, including Australia, Japan, India, South Korea, Singapore, and Taiwan. These companies include software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

The U.S. Department of Justice’s indictment named five individuals associated with APT41, three of whom - Jiang Lizhi (蒋立志), Qian Chuan (钱川), and Fu Qiang (付强) - are publicly listed in leadership positions of Chinese company Chengdu 404 Network Technology Co., Ltd., a.k.a. “Chengdu 404.”

Contact us if you have been targeted or would like to consult with our research team on mobile threats.
