The Chinese threat group known as Budworm has recently begun a new series of cyber attacks against government and telecommunications organizations using an updated set of malicious software.
According to Symantec researchers (source), the incidents, which targeted an unnamed telecommunications organization in the Middle East and an Asian government, occurred in August this year. An advanced version of the Sysupdate tool was used in the attacks.
Budworm, also known as APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and Red Phoenix, has been active since at least 2013. The group targets a wide range of industry verticals to achieve its intelligence collection goals.
To obtain valuable information and maintain long-term access to sensitive systems, the group exploits vulnerable web services and uses various hacking tools, including China Chopper, GH0ST RAT, HYPERBRO, PLUGX, SYSUPDATE, and ZXSHELL.
“Sysupdate has been used by Budworm since at least 2020, and the attackers are constantly improving the tool to improve its capabilities and avoid detection,” says the Symantec report (source).
A 2017 SecureWorks report (source) revealed the attackers’ intent to collect intelligence, security, and policy information from organizations worldwide. Experts described the group as a serious threat.
Given the latest attack reported by Symantec, Budworm is also among the active threats focused on the telecommunications sector in the Middle East.
The Budworm cyber attacks against government and telecommunications organizations highlight the need for constant improvement of cybersecurity measures.
Both private companies and government organizations should regularly update their protection systems to resist sophisticated attackers using advanced tools and attack methods.