EXECUTIVE SUMMARY:

Eight waves of cyber attacks:

Between December of 2018 and June of 2019, cyber security researchers observed eight different waves of cyber attacks across Southeast Asia. The attacks were conducted by a group known as Rancor, a state-sponsored group with ties to the Chinese government.

The group commenced operations with clever social engineering tactics that included disseminating fake official documents, press releases and surveys. These attachments were laced with malware that compromised the recipients’ computers or devices. Targets included Southeast Asian governments, embassies and government-related entities.

As time passed, Rancor mutated its tactics, techniques and procedures (TTPs), creating increasingly sophisticated and complex cyber attack campaigns.

New methodologies included:

  • Using macros
  • Using JavaScript
  • Exploiting known vulnerabilities in Microsoft’s Equation Editor
  • Using legitimate anti-virus executables to sideload malicious libraries that in turn deliver the malware
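The first three methodologies above all arrive as an Office attachment, so a gateway or analyst can triage them statically before anyone opens the file. The following Python script is an added example for this summary, not code from the researchers or from The Next Web. It treats an OOXML document as the zip container it is and reports the indicators a defender cares about: a VBA project part (macros), embedded OLE objects, and an OLE object whose ProgID points at Equation Editor. The part names, the `Equation` ProgID prefix, the `risk_level` verdict mapping and the sample documents are assumptions constructed for the demonstration; the samples are synthetic containers, not real Word files.

```python
import io
import zipfile

# Hypothetical indicators used by this triage check (assumptions, not from the article):
VBA_PART = "vbaProject.bin"            # present when the document carries a VBA macro project
EMBED_DIR = "/embeddings/"             # OOXML folder that holds embedded OLE objects
EQUATION_PROGID = 'ProgID="Equation'   # ProgID prefix Word uses for Equation Editor objects


def triage_ooxml(data: bytes) -> dict:
    """Statically inspect an OOXML document (docx/xlsm/pptx) supplied as bytes and
    report the indicators this summary lists, without opening the file in Office."""
    findings = {"has_macros": False, "embedded_objects": [], "equation_objects": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        findings["has_macros"] = any(n.endswith(VBA_PART) for n in names)
        findings["embedded_objects"] = sorted(n for n in names if EMBED_DIR in n)
        # Word references each embedded object from an XML part with an <o:OLEObject ProgID="...">
        # element; an Equation.* ProgID means the object is handed to Equation Editor when rendered.
        for n in names:
            if n.endswith(".xml"):
                xml = zf.read(n).decode("utf-8", errors="replace")
                if EQUATION_PROGID in xml:
                    findings["equation_objects"].append(n)
    return findings


def risk_level(findings: dict) -> str:
    """Map findings to a coarse verdict for an e-mail gateway or analyst queue (assumed policy)."""
    if findings["equation_objects"]:
        return "block"       # Equation Editor objects are rare in legitimate mail and were abused here
    if findings["has_macros"] or findings["embedded_objects"]:
        return "detonate"    # macros or other OLE objects: sandbox before delivery
    return "allow"


def build_sample_docx(with_macro: bool, with_equation: bool) -> bytes:
    """Construct a minimal, purely synthetic OOXML container for demonstration.
    It is not a real Word file and contains no macro or exploit content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        body = "<w:document><w:body><w:p>Press release</w:p>"
        if with_equation:
            body += '<w:object><o:OLEObject Type="Embed" ProgID="Equation.3" r:id="rId1"/></w:object>'
            zf.writestr("word/embeddings/oleObject1.bin", b"placeholder-ole-stream")
        body += "</w:body></w:document>"
        zf.writestr("word/document.xml", body)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder-vba-project")
    return buf.getvalue()


if __name__ == "__main__":
    # Run the check over three constructed samples: clean, macro-bearing, Equation Editor object.
    for macro, equation in [(False, False), (True, False), (False, True)]:
        findings = triage_ooxml(build_sample_docx(macro, equation))
        print(f"macro={macro} equation={equation} -> {risk_level(findings)} {findings}")
```

The check deliberately stops at "is this indicator present"; it does not parse the VBA project or the OLE stream, so a clean verdict only means none of these three indicators was found, which is why `detonate` rather than `allow` is the right verdict for anything carrying macros or embedded objects.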

Once the malware was downloaded onto a given target’s computer, it gave the attackers full access to the computer’s contents, including sensitive government files.

Will these malware-laden cyber attacks continue?

“We expect the group to continue to evolve, constantly changing their TTPs in the same manner as we observed throughout the campaign, as well as pushing their efforts to bypass security products and avoid attribution,” said the researchers who identified the attacks.

For more information on Rancor’s malware-focused activities in Southeast Asia, visit The Next Web.