CloudDragon's Campaign: VPN Zero-day Vulnerability + New Backdoor

2021.07.01 Cyber Threat Intelligence
TeamT5 recently discovered two installers of a newly identified backdoor which we named MemzipRAT. The backdoor is named after an embedded string "get module from cmd memzip : %d" inside the PE files.

About TeamT5's Research Findings

With further investigation, we believe this attack was aiming at a South Korean company in the aerospace sector. The company is part of a top 10 conglomerate in South Korea, whose business includes aerospace, chemicals, financial services, IT, etc.
In fact, CloudDragon has recently been accused of exploiting VPN vulnerabilities to attack numerous entities, including Korean government agencies [1]. It is highly possible that they deployed their new malware through the new VPN vulnerability in this case as well.

Yet, there are two key factors that could turn this campaign into a wave of large-scale intrusions:
  1. VPN vulnerability
    The VPN market in 2020 is USD $30 billion worldwide. In other words, the market is huge and has multiple vendors in it, so a VPN vulnerability could serve as a starting point for actors to infiltrate corporations not only in South Korea, but around the world.
  2. Sectors involved
    As the identified target is involved in critical sectors such as IT, a compromise there has a great chance of affecting hundreds of entities in a short period.

We strongly advise everyone to pay close attention to CloudDragon's recent campaign, as it might develop into a severe supply chain attack.

