"China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies"

Government and telecommunications organizations are facing new attacks by a threat actor linked to China, tracked as Budworm, which has been using an updated malware toolkit. The attacks, against a Middle Eastern telecommunications company and an Asian government, occurred in August 2023, with the adversary using an updated version of its SysUpdate toolkit. Budworm, also known as APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, has been active since at least 2013, targeting various industry verticals in pursuit of its intelligence-gathering objectives. The nation-state group uses Gh0st RAT, HyperBro, PlugX, SysUpdate, ZXShell, and more to exfiltrate high-value data and maintain access to sensitive systems for an extended time. This article continues to discuss findings regarding the Budworm threat actor.

THN reports "China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies"

Submitted by grigby1

Submitted by Gregory Rigby on