WIP19 targets IT service providers and telcos with custom malware

Threat Level
Actor Report

Summary

WIP19, a Chinese APT group, is using legitimate and stolen certificates to sign malware such as SQLMaggie, ScreenCap, and a credential dumper, which it then uses to target telecommunications and IT services organizations in Asia and the Middle East.