"Data Loss Prevention Company Hacked by Tick Cyberespionage Group"

ESET researchers have discovered that a Data Loss Prevention (DLP) company in East Asia has been compromised. During the intrusion, the attackers deployed at least three malware families, compromising both the company's internal update servers and third-party tools. This resulted in the subsequent compromise of two of the company's customers. ESET attributes the campaign with high confidence to the Tick Advanced Persistent Threat (APT) group. Based on Tick's profile, cyber espionage was most likely the purpose of the attack. The DLP company's customer base includes government and military groups, making it an attractive target for an APT group. The attackers compromised the DLP company's internal update servers to deliver malware within the software developer's network, and trojanized installers of legitimate third-party tools used by the company, resulting in the execution of malware on the computers of the company's customers, according to ESET researcher Facundo Muñoz, who discovered Tick's latest operation. During the attack, the malicious actors deployed ShadowPy, a previously undocumented downloader, as well as the Netboy backdoor, also known as Invader, and the Ghostdown downloader. This article continues to discuss the compromise of the DLP company by the Tick cyber espionage group.

Help Net Security reports "Data Loss Prevention Company Hacked by Tick Cyberespionage Group"

Submitted by Anonymous on