Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor
Actor Report
Summary
Saaiwc Group (APT-LY-1005) is a newly identified APT group that is thought to operate in Southeast Asia. The group’s main tactic is to deliver its malicious payload as an ISO file which, when executed, injects a PowerShell command into the local registry and loads a PowerShell backdoor named PowerDism.
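A hunting sketch for the behaviour summarised above, added here as an example and not taken from the advisory: it triages Sysmon Event ID 13 (registry value set) records for values that hold a PowerShell command line. The sample events, the registry paths, the `triage` helper and the assumption that a mounted ISO shows up as a non-system drive letter are all constructed for illustration.

```python
import json
import re

# Constructed Sysmon Event ID 13 records, one JSON object per line.
# Field names follow Sysmon's schema; every value is invented for this example.
SAMPLE_EVENTS = r'''
{"EventID": 13, "Image": "E:\\setup.exe", "TargetObject": "HKU\\S-1-5-21-0-0-0-1001\\Software\\ExampleVendor\\Cfg", "Details": "powershell.exe -NoProfile -EncodedCommand Q09OU1RSVUNURUQ="}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\ExampleVendor\\Path", "Details": "C:\\Program Files\\Example\\app.exe"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\reg.exe", "TargetObject": "HKU\\S-1-5-21-0-0-0-1001\\Software\\ExampleVendor\\Task", "Details": "pwsh -NoProfile -File C:\\Example\\task.ps1"}
{"EventID": 1, "Image": "C:\\Windows\\explorer.exe"}
this line is deliberately malformed
'''

# Strings that indicate a registry value stores a PowerShell invocation.
PS_MARKERS = re.compile(
    r"\b(?:powershell|pwsh)(?:\.exe)?\b|-enc\w*|frombase64string|invoke-expression|\biex\b",
    re.IGNORECASE,
)

def triage(lines, system_drive="C:"):
    """Return findings for registry writes whose data is a PowerShell command.

    Severity is 'high' when the writing process runs from outside the system
    drive (assumption: a mounted ISO gets its own drive letter), else 'medium'.
    """
    findings = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the hunt
        if event.get("EventID") != 13:
            continue  # only registry value-set events are relevant here
        if not PS_MARKERS.search(event.get("Details", "")):
            continue
        image = event.get("Image", "")
        off_system = not image.upper().startswith(system_drive.upper())
        findings.append({
            "severity": "high" if off_system else "medium",
            "writer": image,
            "key": event.get("TargetObject", ""),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Medium findings still need review, since legitimate software occasionally stores PowerShell command lines in the registry.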