Operation DevilTiger: APT-Q-12's Shadowy Tactics and Zero-Day Exploits Unveiled
The QiAnXin Threat Intelligence Center has revealed the tactics of a cyber espionage campaign known as "Operation DevilTiger," carried out by APT-Q-12, a group with connections to the Darkhotel cyber espionage operations. This group, active in Northeast Asia, uses zero-day vulnerabilities to target entities in China, North Korea, Japan, South Korea, and other East Asian countries. APT-Q-12 meticulously gathers information to exploit vulnerabilities in email clients and office software, tailoring their attacks to the specific platforms used by their targets. They employ Command and Control (C2) probes disguised in emails and documents to gather intelligence and deliver tailored zero-day exploits. Once inside a system, they use plugins for data exfiltration, including browser steganography for credential harvesting and keyloggers for capturing sensitive information. The group's activities are linked to geopolitical strategies, particularly intelligence related to semiconductor competition and political dynamics in the region. The report emphasizes the importance of advanced endpoint detection and response solutions and cloud-based threat intelligence services to defend against such sophisticated threats.

Malware: DarkHotel(Windows), Darkhotel, Baijiu, OperationDevilTiger, APT-Q-12, PseudoHunter, BaijiuAction, APT-Q-11, ShadowTiger, APT-Q-14, ClickOnce

[View Article](https://securityonline.info/operation-deviltiger-apt-q-12s-shadowy-tactics-and-zero-day-exploits-unveiled/)