April 25, 2024

Billbug, a chinese state sponsored-hacking group has breached government and defence agencies throughout Asia, as part of a major campaign since March. The gang infiltrated a digital certificate authority, which could lead to Billbug accessing huge amounts of secure internet traffic.

Also been referred to as Thrip, Lotus Blossom, Lotus Panda and Spring Dragon, and has previously been accused of infiltrating organisations in Hong Kong, Macau, Indonesia, Malaysia, the Philippines and Vietnam.

Researchers estimate that this particular campaign is predominantly for information gathering. The targeting of government agencies is most likely driven by espionage motivations,The threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns.

Advertisements

The threat actor also managed to infiltrate a digital certificate authority. The certificate authority was likely targeted in order to steal legitimate digital certificates.

This would allow Billbug to potentially use compromised certificates to intercept HTTPS traffic, referring to the protocol used by secure websites.

Researchers not found any evidence of this yet, however, and says it has notified the certificate authority in question.

This research was documented by researchers from symantec

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

MITRE Breached Exploiting Ivanti Zeroday

April 20, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading