WIP19 targets IT service providers and telcos with custom malware
Threat Level
Actor Report
For a detailed threat advisory, download the pdf file here
Summary
WIP19, a Chinese APT group, is using legitimate and stolen certificates to sign malware such as SQLMaggie, ScreenCap, and a credential dumper, which it then uses to target telecommunications and IT services organizations in Asia and the Middle East.