China-backed APT15 group unveils new Graphican malware

July 7, 2023

The Chinese state-sponsored advanced persistent threat group APT15, also tracked as BackdoorDiplomacy and Vixen Panda, has added a new backdoor called Graphican to its toolset.

The Graphican campaign has been running since 2022 and continued into this year. Its primary objective is to compromise foreign affairs ministries in several countries in the Americas, especially in the United States.

Researchers believe the group is not limited to that region. Earlier reporting showed APT15 targeting firms that sell products in Central and South America, and the group has also compromised a European entity and a government finance department.

Researchers also noted that Graphican is not the group's only tool this year. Alongside it APT15 deployed EWSTEW, a tool the group has used before to pull e-mail from compromised Exchange servers, together with the credential-dumping utilities Mimikatz, SharpSecDump and LaZagne.

In addition, the group has recently exploited CVE-2020-1472 (Zerologon), an elevation-of-privilege flaw in the Netlogon Remote Protocol (MS-NRPC). An attacker who can reach a domain controller over the network can establish a Netlogon secure channel without valid credentials and, from there, run a specially crafted application on a device on the network; in practice this is a direct route to domain-controller compromise. Microsoft shipped fixes in August 2020, so successful use of the bug today means the target still had unpatched domain controllers.
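To make the Zerologon flaw concrete, the following is an added illustration, not code from the article or from any APT15 tooling, and it contains no network code and no exploit against any host. MS-NRPC computes the Netlogon credential by encrypting an 8-byte challenge with AES in CFB8 mode using a hard-coded all-zero IV. For an all-zero challenge, the first keystream byte is zero for about 1 in 256 session keys, and when it is, the shift register never changes, so the entire credential is zero and the attacker's all-zero guess is accepted. The block cipher here is a stand-in (a keyed SHA-256 truncated to one block, not AES) so the example runs offline; the CFB8 logic and the resulting 1/256 rate are the real ones.

```python
import hashlib

BLOCK = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 block encryption (NOT AES): a keyed SHA-256 truncated
    to one block. It is only here so the example runs without a crypto library;
    the CFB8 logic below is what matters and is unchanged from the real mode."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode: each step encrypts the 16-byte shift register, uses the first
    output byte as keystream for one plaintext byte, then shifts the resulting
    ciphertext byte into the register."""
    if len(iv) != BLOCK:
        raise ValueError("iv must be 16 bytes")
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream
        out.append(c)
        del register[0]
        register.append(c)
    return bytes(out)


def netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    """Models MS-NRPC ComputeNetlogonCredential (AES variant): an 8-byte
    challenge encrypted with AES-CFB8 under the session key, with the IV
    hard-coded to sixteen zero bytes. The fixed zero IV is the flaw."""
    if len(challenge) != 8:
        raise ValueError("challenge must be 8 bytes")
    return cfb8_encrypt(session_key, bytes(BLOCK), challenge)


def survey(trials: int):
    """For `trials` deterministic pseudo-random session keys, count how often an
    all-zero challenge produces an all-zero credential, and check the shortcut
    that explains the rate: with zero IV and zero plaintext, the register never
    changes once the first keystream byte is zero, so the whole output is zero
    exactly when block_encrypt(key, 0^16)[0] == 0, i.e. with probability 1/256."""
    zero_credentials = 0
    shortcut_holds = True
    for i in range(trials):
        # Constructed keys; in the protocol the key depends on the machine
        # password and both challenges, so the attacker cannot pick it but can
        # retry with a fresh session until one happens to be "bad".
        key = hashlib.sha256(b"session-key-" + str(i).encode()).digest()[:16]
        cred = netlogon_credential(key, bytes(8))
        is_zero = cred == bytes(8)
        zero_credentials += is_zero
        first_byte_zero = block_encrypt(key, bytes(BLOCK))[0] == 0
        shortcut_holds = shortcut_holds and (is_zero == first_byte_zero)
    return zero_credentials, shortcut_holds


if __name__ == "__main__":
    n = 8192
    zeros, ok = survey(n)
    print(f"{zeros}/{n} session keys accept an all-zero credential "
          f"(expected about {n // 256}); shortcut holds: {ok}")
```

Because the attacker cannot choose the session key but can open a new session on every attempt, the expected cost of a successful authentication is roughly 256 tries, which is why the patched protocol rejects client challenges and credentials that begin with zero bytes and enforces RPC signing and sealing on the channel.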

Threat analysts describe Graphican as an evolution of a backdoor the group used previously, Ketrican.

Graphican keeps Ketrican's core functionality but changes how it finds its command-and-control server. Instead of carrying C2 addresses in the binary, it authenticates to the Microsoft Graph API and reads them, encrypted, from OneDrive folder names. Because the operators can change that folder at will, the implant keeps working even when individual C2 hosts are taken down, and its traffic to Microsoft's cloud endpoints looks much like legitimate Microsoft 365 use.

On execution Graphican therefore runs through a fixed sequence: it disables Internet Explorer's first-run wizard and welcome page via registry keys (a step typically taken by malware that drives Internet Explorer's HTTP components, to avoid an interactive prompt), authenticates to the Graph API, enumerates the OneDrive root and decrypts folder names to recover the C2 address, derives a unique Bot ID for the infected host, and then polls the C2 for commands and executes them.
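The C2 lookup described above is a dead-drop resolver, and the following added example models it for analysts; it is not Graphican's code and nothing in it contacts a server. The Graph API listing is a constructed sample shaped like a `/me/drive/root/children` response, the folder-name cipher is a hypothetical stand-in (XOR with a fixed key, then base64url) chosen only so the example is reversible offline, the host `c2.example.net` is a documentation name, and the Bot ID derivation is hypothetical because the article does not describe the real one.

```python
import base64
import hashlib
import re
from typing import Optional

# Hypothetical stand-in for the folder-name cipher; the real scheme is not
# described in the article. XOR with a fixed key, then base64url without padding.
STAND_IN_KEY = b"graphican-example-key"

# What a decrypted dead-drop entry must look like to be accepted as a C2.
C2_PATTERN = re.compile(r"^[a-z0-9.-]+:\d{1,5}$")


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_folder_name(c2: str) -> str:
    """Operator side: turn host:port into the OneDrive folder name (stand-in cipher)."""
    raw = _xor(c2.encode("ascii"), STAND_IN_KEY)
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def decode_folder_name(name: str) -> Optional[str]:
    """Implant side: reverse encode_folder_name; None when the name is not a
    well-formed ciphertext (ordinary folders such as 'Documents' land here)."""
    try:
        raw = base64.urlsafe_b64decode(name + "=" * (-len(name) % 4))
        return _xor(raw, STAND_IN_KEY).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def resolve_c2(children_response: dict) -> Optional[str]:
    """Walk a Graph API drive children listing in order and return the first
    folder whose decrypted name looks like host:port. Files and folders whose
    names do not decrypt cleanly are skipped, so the dead drop can sit among
    ordinary OneDrive content and be swapped by renaming a folder."""
    for item in children_response.get("value", []):
        if "folder" not in item:
            continue
        candidate = decode_folder_name(item.get("name", ""))
        if candidate and C2_PATTERN.match(candidate):
            return candidate
    return None


def bot_id(hostname: str, username: str) -> str:
    """Hypothetical Bot ID: a stable identifier per host and user so the C2 can
    tell implants apart across check-ins."""
    return hashlib.sha1(f"{hostname}|{username}".encode("utf-8")).hexdigest()[:16]


# Constructed sample shaped like a Graph API /me/drive/root/children response;
# only the fields the resolver reads are included.
SAMPLE_RESPONSE = {
    "value": [
        {"name": "Documents", "folder": {"childCount": 3}},
        {"name": "budget.xlsx", "file": {"mimeType": "application/vnd.ms-excel"}},
        {"name": encode_folder_name("c2.example.net:443"), "folder": {"childCount": 0}},
    ]
}


if __name__ == "__main__":
    print("C2:", resolve_c2(SAMPLE_RESPONSE))
    print("Bot ID:", bot_id("WORKSTATION-01", "jdoe"))
```

The detection lesson is that the only observable before the implant reaches its real C2 is a token request to Microsoft's identity endpoint followed by a OneDrive listing, so a hunt should start from which processes on which hosts perform that pair of requests rather than from any particular C2 address.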

APT15 has a long record of developing new tooling, and Graphican is only the latest example. Given its current target selection, the organisations named above should treat the group as an active threat, and defenders in the Americas should review the published IOCs for Graphican and its companion tools. Two practical starting points follow directly from the group's tradecraft: look for hosts and processes outside the normal Microsoft 365 footprint that authenticate to the Graph API and list OneDrive contents, and confirm that every domain controller is patched against CVE-2020-1472.
