
Cyber Espionage, new global campaign by Cicada

New global cyber espionage campaign by Cicada. Symantec cybersecurity experts: The China-linked APT used unpatched vulnerabilities in Microsoft Exchange, the Sodamaster backdoor and other custom malware and tools

Cicada has recently launched a new, massive cyber espionage campaign, discovered by Symantec cybersecurity experts. The China-linked APT is attacking organizations around the world in a campaign that has been ongoing for several months. Victims include government, legal and religious organizations and NGOs. It also appears that the state-sponsored hackers may have used unpatched vulnerabilities in Microsoft Exchange to gain access to victim networks. Once inside, they deployed different tools, including custom malware (a loader) and the Sodamaster backdoor, a fileless malicious code capable of multiple functions. Furthermore, the attackers dumped credentials via a custom Mimikatz loader and exploited the legitimate VLC media player by launching a custom loader via the “Exports” function, and also used WinVNC for remote control of the victim machines. Other tools include a RAR archiving tool, system/network discovery tools, WMIExec and NBTScan.
