A new Chinese state-sponsored hacking group (an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The group appears to be primarily interested in cyber-espionage, concentrating on stealing sensitive documents from infected hosts, with a special focus on national security and industrial espionage.
The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, with targets in Malaysia, Taiwan, and the Philippines, and with most victims located in Vietnam.
The payloads consist of three malware strains: Chinoxy, PCShare, and FunnyDream.
Each of the three malware strains has a precise role. Chinoxy was deployed first, acting as a simple backdoor for initial access.
PCShare, a known Chinese open-source remote access trojan, was deployed via Chinoxy and was used for exploring infected hosts.
FunnyDream was deployed with the help of PCShare and was the most potent and feature-rich of the three: it had more advanced persistence and communication capabilities and was used for data gathering and exfiltration.
"Even looking at the tool usage timeline we can see that threat actors started by deploying a series of tools meant for quick and covert data exploration and exfiltration, and later decided to bring on a full toolkit, specifically the FunnyDream toolkit, for prolonged surveillance capabilities." The group also made use of living-off-the-land tools.