Chinese security firm NSFOCUS shared details on a cyberespionage campaign by a previously unknown threat actor dubbed ‘DoubleAlienRat.’ The group, which is said to have a high level of hacking skills and extremely high attack and destruction capabilities, is currently focused on targeting Chinese private and state-owned companies, as well as research institutes and government agencies.
The group gains initial access to target networks by exploiting known vulnerabilities. Upon infiltrating the victim network, the attackers perform reconnaissance to assess targets.
The group is using third-party tools, as well as developing custom-made malware, borrowing ideas from other known nation-state actors.
The researchers identified three attack scenarios used by the group. The first attack method involves the tools like NBTscan scanner or Nextnet scanner, in the second the threat actor plants a remote access trojan on compromised devices for surveillance. The third attack scenario involves the threat actors using compromised devices as a phishing email distribution server.
The researchers have not attributed DoubleAlienRat to any particular government but they believe that the threat actor is operating out of Asia and carries out operations under a false flag.