SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. Leaving the mystery of the delivery method aside for now, let’s look at the capabilities of the malware itself.

Malware 113

Malware Encryption Social Engineering Telecommunications 113

SecureList

DECEMBER 23, 2020

The companies that appeared to be of special interest to the malicious actors may have been subjected to deployment of additional persistent malware. Read more about our research on Sunburst malware here. Several publicly available data sets, such as the one from John Bambenek, include DNS requests encoding the victim names.

Malware 57

Malware Telecommunications DNS Government 57

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware 138

Malware Spyware Government Social Engineering 138