The suspected Southeast Asian threat operation UNG0002 has been targeting various organisations across China, Hong Kong, and Pakistan as part of two key attack campaigns.
The intrusions were part of Operation Cobalt Whisper, which ran between May and September 2024 and involved spear-phishing emails with ZIP archives that distributed Cobalt Strike beacons, LNK files and Visual Basic Scripts, and a post-exploitation framework, according to an analysis from Seqrite Labs.
As reported by The Hacker News, the targeted organisations were in various sectors. Spear-phishing emails were also leveraged to distribute malicious LNK files that inject the Blister DLL loader and INET RAT as part of Operation AmberMist, which took place between January and May, researchers said.
Those researchers also noted the impersonation of Pakistan's Ministry of Maritime Affairs to trigger PowerShell commands that execute Shadow RAT.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.