A Chinese hacking group has been linked to a new campaign aimed at infecting government officials in Europe, the Middle East and South America with a modular malware known as PlugX.
Cybersecurity firm Secureworks said it detected intrusions in June and July 2022, demonstrating once again that the adversary is consistently focused on espionage against governments around the world.
“PlugX is a modular malware that communicates with a command and control (C2) server to perform tasks and can download additional plugins to enhance its capabilities beyond simple information gathering,” the Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News.
Bronze President is a Chinese threat actor that has been active since at least July 2018 and is assessed to be a likely state-sponsored group that uses a mix of proprietary and publicly available tools to compromise its targets and collect data from them.
It is also publicly tracked under other names such as HoneyMyte, Mustang Panda, Red Lich, and Temp.Hex. One of its main tools of choice is PlugX, a remote access trojan widely shared among Chinese threat groups.
Earlier this year, the group was observed targeting Russian government officials with an updated version of the PlugX backdoor called Hodur, alongside targets located in Asia, the European Union and the United States.
Secureworks attributes the latest campaign to Bronze President based on its use of PlugX and on lure documents with political themes that correspond to regions of strategic importance to China.
The attack chains distribute RAR archives that contain a Windows Shortcut (.LNK) file masquerading as a PDF document; when opened, the shortcut executes a legitimate file located in a hidden folder embedded in the archive.
This then paves the way for the decoy document to be dropped, while the PlugX payload establishes persistence on the infected host.
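As an added defender-side example, not code from the Secureworks report: a Python triage of an extracted archive listing that flags the chain described above, a Shell Link whose name ends in a document extension (Explorer hides the trailing .lnk by default) sitting beside a hidden folder. The Shell Link header layout comes from Microsoft's MS-SHLLINK specification; the archive entries, file names and the indicator labels are constructed for illustration.

```python
import struct
# 76-byte ShellLinkHeader (MS-SHLLINK): HeaderSize, LinkCLSID, LinkFlags, FileAttributes,
# three FILETIMEs, FileSize, IconIndex, ShowCommand, HotKey, Reserved.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SW_SHOWMINNOACTIVE = 7        # ShowCommand that starts the target minimized, out of the user's view
ATTR_HIDDEN, ATTR_DIRECTORY = 0x02, 0x10
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf")

def build_lnk_header(show_command: int = 1) -> bytes:
    """Constructed sample: a minimal, valid .LNK header (no link target or payload)."""
    return struct.pack("<I16sIIQQQIIIH10s", LNK_HEADER_SIZE, LNK_CLSID, 0, 0, 0, 0, 0,
                       0, 0, show_command, 0, b"\x00" * 10)

def is_lnk(data: bytes) -> bool:
    """True if the content is a Shell Link, regardless of what the file name claims."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    size, clsid = struct.unpack_from("<I16s", data, 0)
    return size == LNK_HEADER_SIZE and clsid == LNK_CLSID

def triage_member(path: str, attrs: int, data: bytes) -> list[str]:
    """Indicators tripped by one archive member; an empty list means nothing suspicious."""
    findings = []
    name = path.lower().rstrip("/").rsplit("/", 1)[-1]
    if attrs & ATTR_HIDDEN:
        findings.append("hidden-directory" if attrs & ATTR_DIRECTORY else "hidden-file")
    if is_lnk(data):
        stem = name[:-4] if name.endswith(".lnk") else name
        if stem.endswith(DOC_EXTS):          # e.g. "brief.pdf.lnk" shown to the user as "brief.pdf"
            findings.append("lnk-masquerading-as-document")
        if struct.unpack_from("<I", data, 60)[0] == SW_SHOWMINNOACTIVE:
            findings.append("lnk-launches-minimized")
    return findings

def triage_archive(members) -> dict[str, list[str]]:
    """members: iterable of (path, attributes, leading bytes) as an archive lister would yield."""
    return {p: f for p, a, d in members if (f := triage_member(p, a, d))}

def looks_like_lnk_lure(members) -> bool:
    """The chain above: a document-looking LNK next to a hidden folder holding other files."""
    flags = {f for fs in triage_archive(members).values() for f in fs}
    return "lnk-masquerading-as-document" in flags and "hidden-directory" in flags

# Constructed archive listings mirroring the described chain; names are illustrative only.
SAMPLE_LURE = [
    ("Policy Brief.pdf.lnk", 0x20, build_lnk_header(SW_SHOWMINNOACTIVE)),
    ("_/", ATTR_DIRECTORY | ATTR_HIDDEN, b""),
    ("_/launcher.exe", ATTR_HIDDEN, b"MZ" + b"\x00" * 62),
]
SAMPLE_BENIGN = [("Policy Brief.pdf", 0x20, b"%PDF-1.7\n")]
```

Because the check keys on the header bytes rather than the extension, a renamed shortcut is still caught; a real deployment would feed it the member list from a RAR parser such as the `rarfile` module.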
“BRONZE PRESIDENT demonstrated the ability to pivot quickly for new intelligence-gathering opportunities,” the researchers said. “Organizations in geographic regions of interest to China should closely monitor the activities of this group, particularly organizations affiliated with or acting as government agencies.”