Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan
Oct. 24, 2024, 2:21 p.m.
Description
A sophisticated cyber espionage campaign dubbed Operation Cobalt Whisper has been uncovered, targeting various industries in Hong Kong and Pakistan. The threat actor focuses on the defense sector, engineering researchers, and key entities in these regions, using tailored lures related to electrotechnical societies, energy infrastructure, and environmental engineering. The campaign heavily relies on Cobalt Strike for post-exploitation, deploying it through obfuscated VBScript. The attack chain involves malicious LNK files, VBScript, and Cobalt Strike beacons. The operation has been active since May 2024, with over 20 infection chains identified. The threat actor's tactics suggest a methodical approach to cyber-espionage, aiming to compromise sensitive research and intellectual property.
Date
Published: Oct. 24, 2024, 12:59 p.m.
Created: Oct. 24, 2024, 12:59 p.m.
Modified: Oct. 24, 2024, 2:21 p.m.
Attack Patterns
Cobalt Strike - S0154
T1053.005
T1059.005
T1055.002
T1071.001
T1204.002
T1566.001
T1033
Additional Information
Technology
Energy
Defense
Transportation
Education
Government
Manufacturing
British Indian Ocean Territory
Hong Kong
India
China
Pakistan