means, and (3) have the capability to mount a disabling cyberattack when the moment
suited.
The bottom line is that China sanctions and engages in hacking as a matter of course.
While some hacking is specific, other hacking efforts are designed just to gather
information to expand files and databases.
The Trojan also masks its activities using the legitimate regsvr32.exe program,
schedules a range of innocent-looking tasks, and creates calling functions to run
JavaScript code.
An interesting aspect of the Trojan found within the dropper code is a link to a blog
hosted on the Chinese Software Developer Network (CSDN) website, which contains
a code sample "almost identical" to the click-tracking system in the malware.
"The JavaScript code in probe_sl.js uses a click-tracking technique, presumably so the
actors can monitor who is visiting their site," the researchers note. "It may also be an
attempt to control the distribution of later stage malware and tools, by only sending
it in response to requests from desired victims or vulnerable systems, and dropping
requests from others such as researchers."
Palo Alto Networks believes that the threat actors behind KHRAT have evolved the
Trojan to include targeted spear phishing and click-tracking in order to more
successfully target victims of interest in Cambodia.
Considering the political nature of the spear phishing emails, the campaigns may have
the purpose of spying on political rivals or disrupting political activity.
"This most recent campaign highlights social engineering techniques being used with
reference and great detail given to nationwide activities, likely to be forefront of
people's minds," the researchers say. "We believe this malware, the infrastructure
being used, and the TTPs (tactics, techniques, and procedures) highlight a more
sophisticated threat actor group, which we will continue to monitor closely."
Thayer Consultancy provides political analysis of current regional security issues and
other research support to selected clients. Thayer Consultancy was officially
registered as a small business in Australia in 2002.