Sophos: Chinese Hackers Shift to Open-Source Tools in Southeast Asia Espionage

Sophos, a global cybersecurity firm, has released a report detailing a nearly two-year-long Chinese cyberespionage campaign in Southeast Asia.

The operation, named “Crimson Palace,” was first identified by Sophos X-Ops in June 2024 and involves three clusters of Chinese state-sponsored activity—Cluster Alpha, Cluster Bravo, and Cluster Charlie—targeting a high-profile government organization.

After a pause in August 2023, Sophos X-Ops observed renewed cyber activity from Cluster Bravo and Cluster Charlie, which had expanded to include more organizations in the region.

During this investigation, a new keylogger named “Tattletale” was discovered. It is designed to impersonate logged-in users and to collect sensitive information such as passwords and security settings.

Cluster Charlie has shifted from custom malware to open-source tools, a move that reflects the attackers’ adaptability, according to Paul Jaramillo, Director of Threat Intelligence at Sophos.

“We’ve been in a chess match with these adversaries, and their switch to open-source tools shows how quickly they can pivot to remain persistent,” Jaramillo said.

Originally active from March to August 2023, Cluster Charlie re-emerged in September 2023 and continued its activities into 2024, aiming at deeper network access and intelligence gathering. Cluster Bravo, which had been active for only three weeks in early 2023, also resumed in 2024, attacking at least 11 additional organizations.

Sophos warns that the campaign is expanding, with the potential to reach new targets in the region. “We will continue to monitor this evolving operation closely,” Jaramillo added.

Chief Editor: Jacktone Lawi