Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Chinese 'Tropic Trooper' APT Targets Mideast Governments

In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.

Dark Reading Staff, Dark Reading

September 5, 2024

1 Min Read
Blue code on a black screen creating the shape of a skull
Source: James Thew via Alamy Stock Photo

An investigation into a China-linked advanced persistent threat (APT) group known as Tropic Trooper has revealed an espionage campaign targeting government entities in the Middle East.

The effort has been ongoing since June 2023, but the group itself has been active since 2011 and has a history of targeting government, healthcare, transportation, and high-tech sectors in Taiwan, the Philippines, and Hong Kong.

Now, however, Tropic Trooper has switched up its focus, targeting government entities that specifically publish human rights studies in the Middle East related to the Israel-Hamas war. Researchers at Kaspersky discovered the onslaught in June, after finding a new China Chopper Web shell variant on a public Web server hosting Umbraco, an open source content management system. 

After further investigation, the researchers discovered multiple malware sets on the public server, including post-exploitation tools, Web shells, and DLL search-order hijacking implants. The attack chain was designed to ultimately deliver a malware implant known as Crowdoor, the researchers concluded.

Read more about:

DR Global Middle East & Africa

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

A filing cabinet folder labeled "Startups"
Cybersecurity Operations
When Startup Founders Should Start Thinking About CybersecurityWhen Startups Should Think About Cybersecurity
byNate Nelson, Contributing Writer
Sep 12, 2024
6 Min Read
Black background and white text saying Dark Reading Confidential
Vulnerabilities & Threats
Dark Reading Confidential: Pen Test Arrests, Five Years LaterDark Reading Confidential: Pen Test Arrests, Five Years Later
byDark Reading Staff
Sep 10, 2024
42 Min Listen
Yellow spider with black stripes and black and yellow legs perched on a web
Сloud Security
Socially Savvy Scattered Spider Traps Cloud Admins in WebSocially Savvy Scattered Spider Traps Cloud Admins in Web
byElizabeth Montalbano, Contributing Writer
Sep 12, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events