WIP19 targets IT service providers and telcos with custom malware

Threat Level

Actor Report

For a detailed threat advisory, download the pdf file here

Summary

WIP19, a Chinese APT group is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper which it then used to target telecommunications and IT services organizations in Asia and the Middle East.