Threat Actor Carderbee
Overview
Carderbee is a previously unknown APT (Advanced Persistent Threat) group. It uses the legitimate Cobra DocGuard software to carry out a supply chain attack that deploys the Korplug backdoor on victims' computers. Most of its victims are individuals or organizations based in Hong Kong and elsewhere in Asia.
Supply Chain Attack
The threat actors behind Carderbee are highly skilled and patient. They can leverage both a supply chain attack and signed malware in their attacks, trying to stay under the radar. Their malicious activity was seen on about 100 computers in the impacted organizations, although the Cobra DocGuard software was installed on around 2000 computers. This indicates that the attackers may be selectively pushing payloads to specific victims.
In 2023, several distinct malware families were deployed using this method. In one case, a downloader deployed by these attackers was digitally signed with a certificate from Microsoft, named Microsoft Windows Hardware Compatibility Publisher. Malware signed with a seemingly legitimate certificate is much harder for security software to detect.
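The two traits described above, selective delivery to a small share of hosts and a downloader carrying the Microsoft Windows Hardware Compatibility Publisher signature, can both be turned into hunting checks. The following is an added example, not code from the original article: the telemetry, host names, paths, field names, hash placeholders, the 10% threshold and the "signer expected only on drivers" heuristic are all assumptions made for illustration.

```python
from collections import defaultdict

# Signer name as given in the article.
WHCP = "Microsoft Windows Hardware Compatibility Publisher"

# Constructed telemetry: files written by the updater of a widely installed
# product. Hosts, paths, field names and the short "sha256" placeholders are
# all hypothetical.
HOSTS = [f"ws-{i:02d}" for i in range(1, 21)]
EVENTS = [{"host": h, "path": r"C:\App\update\core.dll",
           "sha256": "c0re", "signer": "Example Vendor"} for h in HOSTS]
EVENTS += [{"host": h, "path": r"C:\App\drv\filter.sys",
            "sha256": "f117", "signer": WHCP} for h in HOSTS]
EVENTS.append({"host": "ws-07", "path": r"C:\App\update\dl.exe",
               "sha256": "d0wn", "signer": WHCP})


def hunt(events, max_share=0.10):
    """Return {sha256: [reasons]} for updater-written files worth triage."""
    hosts = {e["host"] for e in events}
    seen_on = defaultdict(set)
    sample = {}
    for e in events:
        seen_on[e["sha256"]].add(e["host"])
        sample[e["sha256"]] = e
    findings = {}
    for digest, on in seen_on.items():
        reasons = []
        share = len(on) / len(hosts)
        # Selective delivery: only a small share of hosts running the
        # software received this file (threshold is an assumption).
        if share <= max_share:
            reasons.append(f"low prevalence: {len(on)}/{len(hosts)} hosts")
        # Assumed heuristic: this signer is expected on kernel drivers
        # (.sys), so a user-mode binary carrying it deserves a look.
        e = sample[digest]
        if e["signer"] == WHCP and not e["path"].lower().endswith(".sys"):
            reasons.append("WHCP-signed file that is not a driver")
        if reasons:
            findings[digest] = reasons
    return findings


if __name__ == "__main__":
    for digest, reasons in hunt(EVENTS).items():
        print(digest, "->", "; ".join(reasons))
```

A valid signature alone does not clear a file here; the file is judged by how many hosts received it and by whether the signer fits the file type.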
Prevention
To counter such attacks, a highly advanced cybersecurity program must be in place. It should include some of the most advanced security solutions, email and web content filtering, antivirus software, and threat hunting measures. Applying the Zero Trust model, multifactor authentication, defense in depth, etc., is a must to prevent and mitigate the potential damage done by Carderbee.
Takeaway!
Carderbee poses a great threat to various government organizations of different countries. However, it is not impossible to stop or mitigate its attacks. Making use of all the advanced anti-threat technologies can help in identifying and hunting its malware or spyware. Regular training of employees on various threat actors and regular network checkups can be of great help in fighting it.