Chinese APT sets sights on Middle East government orgs
Middle Eastern government organizations, particularly those working on human rights issues, have been targeted by Tropic Trooper, a Chinese-speaking cyber espionage group also tracked as APT23, Pirate Panda, Earth Centaur, and KeyBoy. The campaign began in June 2023. The attackers exploited vulnerabilities in Microsoft Exchange Server and Adobe ColdFusion and installed an updated version of the China Chopper web shell on servers running the Umbraco CMS.

From that foothold the attackers carried out lateral movement, network scanning, and defense evasion, and deployed the Crowdoor backdoor. Crowdoor provided persistent access, Cobalt Strike delivery, data exfiltration, reverse shell execution, and self-deletion.

The attackers specifically targeted a content management platform that published studies on human rights in the Middle East, with a focus on the Israel-Hamas conflict. Kaspersky's analysis highlighted the deliberate nature of the attack on this single system.

Malware: CrowDoor, KeyBoy, Yahoyah, SparrowDoor, FamousSparrow, CobaltStrike, TropicTrooper, ChinaChopper

CVEs:
- CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 (the Microsoft Exchange Server ProxyShell chain)
- CVE-2023-26360 (Adobe ColdFusion, exploited in the wild in 2023)

[View Article](https://www.scmagazine.com/brief/chinese-apt-sets-sights-on-middle-east-government-orgs)