 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: Operation SalmonSlalom| Names | Operation SalmonSlalom (Kaspersky) | |
| Country |  China | |
| Motivation | Information theft and espionage | |
| First seen | 2025 | |
| Description | (Kaspersky) A Kaspersky ICS CERT investigation uncovered a cyberthreat specifically targeting various industrial organizations in the Asia-Pacific region. The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure. The attackers employed a sophisticated multi-stage payload delivery framework to ensure evasion of detection. Their techniques included the use of a native file hosting CDN, publicly available packers for sample encryption, dynamic changes in command and control (C2) addresses, a CDN hosting the payload, and the use of DLL sideloading. | |
| Observed | Sectors: Construction, Financial, Government, Healthcare, IT, Manufacturing, Telecommunications. Countries: China, Hong Kong, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, Thailand, Vietnam. | |
| Tools used | FatalRAT. | |
| Information | <https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets/> | |
Last change to this card: 02 March 2025
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |