Unfading Sea Haze
Description
(Bitdefender) Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack’s aim, we believe the threat actor is aligned with China’s interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We noticed multiple times that the actor was regaining access to the victim’s systems either because of improper credential hygiene or because of bad patching strategies of the edge devices and exposed web services. Thus, this publication intends to raise awareness of the importance of respecting essential best practices that ensure security and to share with the community information that could help detect and disrupt Unfading Sea Haze’s espionage activities.
Names
| Name | Name-Giver |
|---|---|
| Unfading Sea Haze | Bitdefender |
Country
Motivation
- Information theft and espionage
First Seen
2018
Observed Sectors
Observed Countries
Tools
- DustyExfilTool
- EtherealGh0st
- FluffyGh0st
- InsidiousGh0st
- Ps2dllLoader
- SerialPktdoor
- SharpJSHandler
- SharpZulip
- SilentGh0st
- Stubbedoor
- TranslucentGh0st
- xkeylog
Information
Other Information
Uuid
9c8eed73-c475-4eb2-a2b0-df46016d7446
Last Card Change
2024-06-18