The Chinese advanced persistent threat group Budworm, also tracked as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, has deployed an updated version of its SysUpdate toolkit in new attacks against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Alongside the enhanced SysUpdate backdoor, which can capture screenshots, retrieve drive information, perform file operations, and execute commands, Budworm also relied on numerous living-off-the-land and publicly available tools, according to a report from the Symantec Threat Hunter Team.
In these most recent attacks, however, Budworm appears to have gone no further than credential harvesting, suggesting that the intrusions may have been disrupted early.
“That Budworm continues to use a known malware (SysUpdate), alongside techniques it is known to favor, such as DLL side-loading using an application it has used for this purpose before, indicates that the group isn’t too concerned about having this activity associated with it if it is discovered,” said researchers.
Source: SC Media