At a glance.
- Bronze President shows both enduring interests and adaptability.
- Iranian threat actor activity reported.
- Cybersecurity and small-to-medium businesses.
- Initial access broker repurposes Conti's old playbook for use against Ukraine.
- Conti remnants attract DDoS attacks.
- Kyivstar as a case study in telco resiliency.
Bronze President shows both enduring interests and adaptability.
Secureworks Counter Threat Unit researchers have discovered a PlugX malware campaign targeting government officials’ computers in Europe, the Middle East, and South America. The malware is embedded in RAR archive files that require the user to click a Windows shortcut file. The decoy documents are political in nature, suggesting that the targets are all government officials. This campaign can probably be attributed to the BRONZE PRESIDENT threat group, which is likely operated by the Chinese government. BRONZE PRESIDENT has shown an enduring interest in such Chinese neighbors as Vietnam and Myanmar, but it has also been responsive to developing crises and emergent requirements, as seen in the interest it has taken in Ukraine as Russia's invasion has developed. "BRONZE PRESIDENT has demonstrated an ability to pivot quickly for new intelligence collection opportunities. Organizations in geographic regions of interest to China should closely monitor this group's activities, especially organizations associated with or operating as government agencies."