Operation Specter: An Active Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia

May 23, 2024, 3:25 p.m.

Description

An analysis reveals long-term espionage operations by a Chinese advanced persistent threat (APT) group against at least seven governmental entities across the Middle East, Africa and Asia since late 2022. The threat actor attempts to obtain sensitive and classified information about diplomatic and economic missions, embassies, military operations, political meetings, ministries and high-ranking officials. The campaign leverages rare email exfiltration techniques against compromised servers and utilizes previously undocumented backdoors named TunnelSpecter and SweetSpecter. The actor closely monitors geopolitical developments, exfiltrating information daily, and maintains persistence through repeated attempts when disrupted. The tactics, infrastructure and malware have strong connections to Chinese state-aligned interests.

Date

  • Created: May 23, 2024, 3:06 p.m.
  • Published: May 23, 2024, 3:06 p.m.
  • Modified: May 23, 2024, 3:25 p.m.

Indicators


Additional Information

  • Defense
  • Government
