The cyberespionage operation dubbed ‘Stayin’ Alive’, active since at least 2021, targets telecommunications and government entities.
Based on published reports, the campaign is attributed to the Chinese-affiliated threat group ToddyCat. Its known victims are in Kazakhstan, Uzbekistan, Pakistan, and Vietnam, and the attacks focus primarily on the telecom industry and government organisations.
The Stayin’ Alive cyberespionage operation leverages a known vulnerability.
According to the investigation, the operators gain initial access with spear-phishing emails carrying malicious archive attachments. The archives pair a legitimate, signed executable with a malicious DLL that the executable loads from its own directory, a technique known as DLL sideloading.
The executable in question is Audinate’s Dante Discovery software, which is affected by a known DLL-hijacking flaw tracked as CVE-2022-23748: it loads dal_keepalives.dll from the application directory, so a malicious DLL of that name placed next to the binary runs under the trust of the signed application and gives the attackers their foothold.
Once inside the targeted system, the attackers deploy a set of simple downloaders and loaders whose job is to fetch and execute additional payloads.
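The chain above (a signed application loading an unsigned DLL planted beside it in a user-writable directory) is what a defender can hunt for in image-load telemetry. The following is an added example, not code from the researchers’ report or from the campaign: a small detector over constructed Sysmon-style Event ID 7 (ImageLoaded) records. The paths, the executable name `DanteApp.exe`, the signer flags and the list of user-writable prefixes are all constructed for the example; only the DLL name `dal_keepalives.dll` comes from the text.

```python
"""Added example: flag DLL sideloading in Sysmon-style ImageLoaded records.
Not code from the Stayin' Alive report; events and paths are constructed."""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Directories an unprivileged user can write to. A vendor binary loading a
# DLL from here, instead of from its install location, is the classic
# sideloading setup. Assumed list; extend it for your environment.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)


@dataclass
class ImageLoad:
    """Subset of Sysmon Event ID 7 fields."""
    image: str            # the process executable (Sysmon 'Image')
    image_loaded: str     # the DLL mapped into it (Sysmon 'ImageLoaded')
    process_signed: bool  # 'Image' carries a valid Authenticode signature
    dll_signed: bool      # 'ImageLoaded' does (Sysmon 'Signed'/'SignatureStatus')


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def flag_sideload(ev: ImageLoad) -> Optional[str]:
    """Return a reason string if the load looks like sideloading, else None."""
    if not ev.image_loaded.lower().endswith(".dll"):
        return None
    exe_dir = ntpath.dirname(ev.image).lower()
    dll_dir = ntpath.dirname(ev.image_loaded).lower()
    # The Windows loader searches the application directory before the
    # system directories, so a DLL planted next to the exe wins the lookup.
    if exe_dir != dll_dir:
        return None
    if not is_user_writable(dll_dir):
        return None  # vendor install directories legitimately co-locate DLLs
    if ev.dll_signed:
        return None
    who = "signed process" if ev.process_signed else "unsigned process"
    return (f"{who} {ntpath.basename(ev.image)} loaded unsigned "
            f"{ntpath.basename(ev.image_loaded)} from user-writable {dll_dir}")


def scan(events: List[ImageLoad]) -> List[str]:
    """Run the check over a batch of events and return the alert reasons."""
    return [r for r in (flag_sideload(e) for e in events) if r]


# Constructed events: a benign system load, a benign vendor install, and one
# shaped like the archive-delivered sideload described in the article.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\ntdll.dll", True, True),
    ImageLoad(r"C:\Program Files\Vendor\App.exe",
              r"C:\Program Files\Vendor\helper.dll", True, False),
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\attachment\DanteApp.exe",
              r"C:\Users\alice\AppData\Local\Temp\attachment\dal_keepalives.dll",
              True, False),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT:", hit)
```

The rule deliberately ignores DLLs loaded from vendor install directories, because legitimate applications ship their own DLLs there; the suspicious combination is the signed executable, the unsigned DLL, and a location an email attachment can be extracted to. Against real telemetry you would also want to key on the signer of the process (a Microsoft- or vendor-signed binary) rather than only the signed/unsigned bit.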
Stayin’ Alive is not an isolated incident: researchers have reported a marked increase in espionage campaigns from China over the past few months.
For example, the Emissary Panda (aka Budworm) hacking group used a new version of its SysUpdate malware to compromise a Middle Eastern telecom organisation and an Asian government.
In a separate incident, another Chinese cyberespionage operation targeted the Middle East’s telecom industry, finance sector, and government entities; the APT15 threat group is the alleged operator of that attack.
Organisations and individuals should remain vigilant against such threats. The Stayin’ Alive campaign depended heavily on spear-phishing emails, so targeted entities should treat unsolicited messages and their attachments with caution and deploy a robust email security gateway to block the delivery of unwanted and potentially harmful emails, including archive attachments.
Furthermore, organisations should keep systems and software patched, as numerous threat actors exploit known vulnerabilities; regularly applying updates significantly reduces the chance of infection through such exploits. One caveat applies here: in a sideloading chain like this one the vulnerable signed executable arrives with the attacker’s archive, so patching the endpoint alone does not break the chain. Application control and monitoring for signed binaries that load unsigned DLLs from user-writable locations are the controls that address it.
The Stayin’ Alive campaign is a reminder that cyber threats continue to evolve. Organisations should therefore also strengthen their detection and response capabilities to stay one step ahead of these threat actors.