More extensive compromises of Southeast Asian government organizations have been conducted by three China-linked threat clusters as part of the state-sponsored Crimson Palace cyberespionage operation, The Hacker News reports.
Simultaneous target infiltration and reconnaissance, network compromise, and data exfiltration activities have been performed by Clusters Alpha, Bravo, and Charlie, respectively, beginning in March 2023, according to an analysis from Sophos. Despite only being active last March, the Unfading Sea Haze-linked Cluster Bravo was observed to have targeted nearly a dozen government agencies and organizations across Southeast Asia between January and June, while the Earth Longzhi-linked Cluster Charlie was able to deliver various command-and-control frameworks and malicious payloads from September 2023 to June 2024. Attacks by Cluster Charlie also involved the open-source programs Alcatraz and RealBlindingEDR to bypass antivirus systems, as well as the TattleTale keylogger. “Throughout the engagement, the adversary appeared to continually test and refine their techniques, tools, and practices,” researchers said.