Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor “Boosting Your Immune System During the COVID-19 Pandemic” “Strengthening Your Immunity During the COVID-19 Crisis”
Mar 30, 2023 saw the uncovering of a custom Windows and Linux backdoor called KEYPLUG, attributed to the Chinese state-sponsored threat activity group RedGolf. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Manidant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.…
Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks
The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy. Previously documented intrusions have entailed…
