Palo Alto Discovers New China-linked Malware Dubbed Reaver
Ami Rojkes Dombe
| 16/11/2017
https://www.bleepingcomputer.com/news/security/windows-control-panel-links-abused-in-cyber-espionage-campaign
Palo Alto's Unit 42 research group has discovered a new malware family named Reaver with ties to hackers who use the SunOrcal malware. "SunOrcal activity has been documented to at least 2013, and based on metadata surrounding some of the C2s, may have been active as early as 2010," according to the publication.
The group claims that "the new family appears to have been in the wild since late 2016 and to date we have only identified 10 unique samples, indicating it may be sparingly used. Reaver is also somewhat unique in the fact that its final payload is in the form of a Control panel item, or CPL file. To date, only 0.006% of all malware seen by Palo Alto Networks employs this technique, indicating that it is in fact fairly rare.
"While we don’t have information on the intended targets in this case, previous reports on this activity have identified targeting primarily among the 'Five Poisons' which are movements the Chinese government perceives as dangerous. They are: Uyghurs, particularly those supporting East Turkestan independence; Tibetans, particularly those supportive of Tibetan independence; Falun Gong practitioners; Supporters of Taiwan independence; and Supporters of Chinese democracy."
https://www.bleepingcomputer.com/news/security/windows-control-panel-links-abused-in-cyber-espionage-campaign
Palo Alto's Unit 42 research group has discovered a new malware family named Reaver with ties to hackers who use the SunOrcal malware. "SunOrcal activity has been documented to at least 2013, and based on metadata surrounding some of the C2s, may have been active as early as 2010," according to the publication.
The group claims that "the new family appears to have been in the wild since late 2016 and to date we have only identified 10 unique samples, indicating it may be sparingly used. Reaver is also somewhat unique in the fact that its final payload is in the form of a Control panel item, or CPL file. To date, only 0.006% of all malware seen by Palo Alto Networks employs this technique, indicating that it is in fact fairly rare.
"While we don’t have information on the intended targets in this case, previous reports on this activity have identified targeting primarily among the 'Five Poisons' which are movements the Chinese government perceives as dangerous. They are: Uyghurs, particularly those supporting East Turkestan independence; Tibetans, particularly those supportive of Tibetan independence; Falun Gong practitioners; Supporters of Taiwan independence; and Supporters of Chinese democracy."
