"Bronze Starlight Targets the Southeast Asian Gambling Sector"

SentinelOne observed Bronze Starlight, an Advanced Persistent Threat (APT) group with ties to China that is also known as APT10, Emperor Dragonfly, and Storm-0401, targeting the Southeast Asian gambling sector. The malware and infrastructure used in the campaign are similar to those observed in Operation ChattyGoblin, which the security company ESET attributed to threat actors linked to China. According to SentinelOne, the threat actors used DLL hijacking of Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables to launch Cobalt Strike beacons. Bronze Starlight is a nation-state group known for using ransomware as a distraction or misattribution technique. The perpetrators used modified chat application installers to download .NET malware loaders. The loaders then retrieve a second-stage payload, contained in a password-protected ZIP archive, from Alibaba buckets. This article continues to discuss the ongoing campaign attributed to China-linked Bronze Starlight targeting the Southeast Asian gambling sector.

Security Affairs reports "Bronze Starlight Targets the Southeast Asian Gambling Sector"

Submitted by Anonymous on