New Spike in Malware from Chinese Cybercriminals Floods the Threat Landscape – Proofpoint Research
September 2023 by Proofpoint, Inc.
This Wednesday, Proofpoint published new research revealing a spike in malware targeting Chinese-language speakers in organizations across the globe.
The findings underline the expansion of the Chinese malware ecosystem, an increase in activity by Chinese-speaking cybercrime operators, and the open access they now have to China-specific resources and targets. All this poses a serious challenge to the current dominance of the Russian-speaking cybercrime market in the threat landscape.
Here is a quick overview of the evidence:
• In 2023, Proofpoint observed over 30 campaigns leveraging Chinese-language malware, such as the newly discovered ValleyRAT and the older Sainbox RAT (a variant of Gh0stRAT) and Purple Fox.
• Nearly all lures are in Chinese, although Proofpoint has also observed messages in Japanese targeting organizations in that country.
• After years of this malware not appearing in Proofpoint threat data, its appearance in multiple campaigns over the last six months is notable.
• Multiple threat actors, rather than a single one, are driving the spike. These attacks appear to be financially motivated, with no indication of state-backed aims.