Chinese APT27 Hacking Group targeting German companies


Germany's intelligence agency BfV, which publishes cyber threat information from time to time, has warned all companies operating in the country about possible cyber attacks by APT27, the China-based hacking group also known as Iron Tiger, Bronze Union, Emissary Panda, Lucky Mouse and Masking Panda.

According to the BfV, the group has already exploited flaws in the Zoho ADSelfService Plus software, which is used to enter passwords in enterprise management systems, cloud apps and Active Directory in an automated way.

According to the Bundesamt für Verfassungsschutz, some German computer networks were compromised with the HyperBro Remote Access Trojan (RAT), which acts as an in-memory backdoor with remote administration capabilities.

HyperBro thus allows the hackers to steal intellectual property through supply chain attacks, and the espionage campaign is suspected to have been under way since March 2021.

The BfV has published YARA rules and pointers for detecting compromise, to help identify HyperBro infections and connections to APT27 command-and-control servers.

Note: According to a report released by Palo Alto Networks, APT27 is compromising the networks of companies in the healthcare, energy, technology, education and defense sectors, and has so far targeted over 9 multinational organizations globally.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
