Grayling
Description
(Symantec) A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan.
A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S., also appear to have been hit as part of this campaign. This activity began in February 2023 and continued until at least May 2023.
The Symantec Threat Hunter Team, part of Broadcom, has attributed this activity to a new group we are calling Grayling. This activity stood out due to the use by Grayling of a distinctive DLL sideloading technique that uses a custom decryptor to deploy payloads. The motivation driving this activity appears to be intelligence gathering.
Names
Name | Name-Giver |
---|---|
Grayling | Symantec |
Country
Motivation
- Information theft and espionage
First Seen
2023
Observed Sectors
Observed Countries
Tools
Information
Other Information
UUID
2a0a5e70-688e-4480-9267-154163b45f8f
Last Card Change
2023-10-13