Sophos says the group’s work, which it believes was overseen by China’s Ministry of State Security, stopped in August of that year.
But the updated report says that’s not the only activity that has resumed, using a previously undocumented keylogger, the attacks have spread, including hitting two non-governmental organizations with what Sophos says have a government-related role, as well as other targets in Southeast Asia. .
“It’s unlikely that this threat group is chasing the only victims we’ve seen,” Chester Wisniewski, Sophos’ global CTO, said in an interview. “We have been able to be seen in certain organizations because they are our clients, so we hope by sharing this information, our competitors who may be protecting similar organizations in the region can use the information we have to identify more jobs and maybe add their information to paint a complete picture.”
Source link