China-Linked Cyber Espionage: Velvet Ant’s Three-Year Infiltration of East Asian Organization Exposed
Velvet Ant, a suspected China-nexus cyber espionage actor, infiltrated an East Asian organization for three years using legacy F5 BIG-IP appliances. Cybersecurity firm Sygnia’s recent findings highlight Velvet Ant’s sophisticated tactics, including the use of PlugX malware and disabling endpoint security. The threat actor’s persistence reveals vulnerabilities in edge devices.

Hot Take:
When it comes to sneaky cyber espionage, “Velvet Ant” makes James Bond look like a clumsy intern spilling coffee on his keyboard. With three years of undercover activity and a flair for turning outdated servers into their personal playground, these cyber spies deserve an Oscar for Best Adaptation in a Thriller.
Key Points:
- Velvet Ant targeted an unnamed East Asian organization for three years using legacy F5 BIG-IP appliances.
- The attack involved the sophisticated use of the PlugX backdoor and DLL side-loading technique.
- Endpoint security software was disabled using open-source tools like Impacket.
- Two versions of PlugX were deployed: one for endpoints with internet access and another for internal servers.
- Forensic analysis revealed additional tools like PMCD and EarthWorm, commonly associated with other Chinese cyber espionage groups.
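The DLL side-loading technique named in the key points relies on a signed, trusted executable loading an attacker-supplied DLL placed beside it, so that the Windows loader search order picks that DLL before the legitimate copy. The following is an added illustration of how a defender can flag that pattern in image-load telemetry; it is not code from the article or from Sygnia's report, and the record layout, the `ImageLoad` fields, the `TRUSTED_DIRS` list and every sample event are assumptions constructed for the example.

```python
"""
Added example (not from the article or the Sygnia report): a small heuristic
detector for DLL side-loading over constructed, Sysmon-style image-load
records. Field names and all sample events are assumptions made up here.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories where a signed vendor binary is normally installed. A signed
# executable running from a user-writable location (Public, ProgramData, temp)
# is the usual sign that a legitimate host binary has been dropped by an
# attacker next to a malicious DLL.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class ImageLoad:
    process: str          # full path of the process that loaded the DLL
    process_signed: bool  # Authenticode signature on the host process is valid
    image: str            # full path of the loaded DLL
    image_signed: bool    # Authenticode signature on the DLL is valid


def is_side_load_candidate(ev: ImageLoad) -> bool:
    """Return True when the event matches the side-loading shape:
    signed host process, unsigned DLL in the same directory, host running
    outside a standard install location."""
    proc = PureWindowsPath(ev.process.lower())
    dll = PureWindowsPath(ev.image.lower())
    # Side-loading needs a trusted host and an attacker-controlled DLL.
    if not ev.process_signed or ev.image_signed:
        return False
    # The DLL must sit beside the executable for search order to prefer it.
    if dll.parent != proc.parent:
        return False
    # A signed binary in Program Files loading its own unsigned helper DLL is
    # ordinary; the same shape from a non-standard drop path is what stands out.
    return not str(proc).startswith(TRUSTED_DIRS)


def scan(events):
    """Filter a list of ImageLoad records down to side-loading candidates."""
    return [ev for ev in events if is_side_load_candidate(ev)]


# Constructed sample events; none of these paths or names are real indicators.
SAMPLE_EVENTS = [
    # Vendor application loading its own unsigned helper from its install dir.
    ImageLoad(r"C:\Program Files\Vendor\app.exe", True,
              r"C:\Program Files\Vendor\helper.dll", False),
    # Signed host binary dropped to a public folder next to an unsigned DLL.
    ImageLoad(r"C:\Users\Public\update\updater.exe", True,
              r"C:\Users\Public\update\version.dll", False),
    # Normal system process loading the signed system DLL.
    ImageLoad(r"C:\Windows\System32\svchost.exe", True,
              r"C:\Windows\System32\version.dll", True),
    # Binary in ProgramData loading the real DLL from System32 (not side-loaded).
    ImageLoad(r"C:\ProgramData\cache\viewer.exe", True,
              r"C:\Windows\System32\version.dll", True),
]

if __name__ == "__main__":
    for ev in scan(SAMPLE_EVENTS):
        print("side-load candidate:", ev.process, "->", ev.image)
```

Only the second constructed event is flagged. The heuristic deliberately ignores signed binaries loading unsigned DLLs from their own install directory, since that is how many legitimate applications ship; tightening it to cover those cases would need an allow-list built from the organization's own software inventory.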