Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
'TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers
The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally.
September 9, 2024
A threat actor dubbed "TIDrone" by researchers is actively going after military- and satellite-related industrial supply chains, particularly drone manufacturers in Taiwan.
That's according to Trend Micro, which linked TIDrone to other Chinese-speaking groups and noted that it uses enterprise resource planning (ERP) software or remote desktop tools to deploy advanced, proprietary malware.
"Since the beginning of 2024, we have been receiving incident response cases from Taiwan," according to an analysis from the firm. "[However], telemetry from VirusTotal indicates that the targeted countries are varied; thus, everyone should stay vigilant of this threat."
The specialized toolsets include "CXCLNT," which can upload and download files, collect victim information such as file listings and computer names, and comes complete with stealth capabilities. Another weapon is "CLNTEND," a remote access tool (RAT) first seen last April that supports a wide range of network protocols for communication.
Once TIDrone has compromised a target, it deploys user account control (UAC) bypass techniques, credential dumping, and hacktool usage to disable antivirus products, according to the analysis.
"The threat actors have consistently updated their arsenal and optimized the attack chain," the researchers noted. "Notably, anti-analysis techniques are employed in their loaders, such as verifying the entry point address from the parent process and hooking widely used application programming interfaces (APIs) like GetProcAddress to alter the execution flow."
Read more about:
DR Global Asia PacificAbout the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024