In November 2016, a string of spear-phishing attacks targeted Japanese governmental agencies. The Trojan used in these attacks was dubbed BKDR_ChChes by the anti-virus vendor Trend Micro. Tactics, Techniques, and Procedures (TTPs) show this was a targeted campaign using custom malware attributed to a known hacking group. Whether the Trojan was developed from the hacking group source code leak in 2015, or was designed by the hacking group on behalf of the attackers, is an intelligence gap.
Publication Date: January 10, 2016
Handling Requirements: Traffic light protocol (TLP) AMBER
Attribution/Threat Actors: known hacking group, unknown Chinese threat actors
Actor Type: Adversary capabilities have been assessed as TIER III
Potential Targets: Japanese Government, Worldwide Governments / Worldwide Businesses
Previous Reporting: Red Sky Alliance: DOC-2343
The full report may be viewed in the Red Sky Alliance as DOC-4606.
Contact Wapack Labs for more information.