Operation PZChao: Chinese Iron Tiger APT ‘back’ with data-stealing, bitcoin-mining espionage malware
Security researchers have discovered a custom-built piece of malware that has been wreaking havoc in Asia for several months and could signal the return of the notorious Chinese hacker group Iron Tiger. According to researchers at Bitdefender, attacks under Operation PZChao have been targeting institutions in the government, technology, education and telecommunications sectors in Asia and the US.
The attack uses highly targeted spam messages carrying a malicious VBS file attachment, which downloads additional payloads from a distribution server. As of 17 July 2017, the server hosting “down.pzchao.com” resolved to an IP address located in South Korea, the researchers said.
“The threat actors behind the attack have control over five subdomains of the ‘pzchao.com’ domain. Suggestively named, these domains serve specific functionalities, such as upload, download and RAT-related communication,” Bitdefender said in a report.
Source | ibtimes