CardinalLizard
Description
(Kaspersky) We are moderately confident that this is a new collection of Chinese-speaking activity targeting businesses, active since 2014. Over the last few years, the group has shown an interest in the Philippines, Russia, Mongolia and Malaysia, the latter especially prevalent during 2018. The hackers use a custom malware featuring some interesting anti-detection and anti-emulation techniques. The infrastructure used also shows some overlaps with Roaming Tiger and previous PlugX campaigns, but this could just be due to infrastructure reuse under the Chinese-speaking umbrella.
Names
| Name | Name-Giver |
|---|---|
| CardinalLizard | Kaspersky |
Country
Motivation
- Information theft and espionage
First Seen
2014
Observed Countries
Tools
Information
Other Information
Uuid
e69f77ea-849d-4497-9f87-ca96df6921e2
Last Card Change
2020-04-29