Cybersecurity News in Asia

Features
- Featured
  
  Colonial Pipeline attack: lessons from the last 3 years
  
  Tuesday, May 7, 2024, 10:29 AM Asia/Singapore | Features
- Featured
  
  With great payment-methods growth come greater security liabilities
  
  Tuesday, May 7, 2024, 10:00 AM Asia/Singapore | Features, Newsletter, Opinions
- Featured
  
  Bridging the data science talent gap for national cyber defenses: Urgent action needed
  
  Monday, April 29, 2024, 10:16 AM Asia/Singapore | Features
News
- Featured
  
  Fears of increased identity fraud due to AI need addressing: survey
  
  Wednesday, May 8, 2024, 1:37 PM Asia/Singapore | News, Newsletter
- Featured
  
  Respondents report lower 2023 ransomware attack numbers than in 2022
  
  Friday, May 3, 2024, 2:35 PM Asia/Singapore | News, Newsletter
- Featured
  
  Understanding the “multiplier effect” of digital fraud in the region
  
  Thursday, May 2, 2024, 2:05 PM Asia/Singapore | News, Newsletter
Opinions
Tips
Whitepapers
Awards 2024
Directory
E-Learning

News

Researchers uncover threat actors behind BigNox attack

By CybersecAsia editors and webmaster webmaster | Monday, June 14, 2021, 10:34 AM Asia/Singapore

Naming their assets after a poisonous plant and its derivative toxins, the group is a potent threat lurking in Asia.

Remember the cyberattack against gamers in Asia? The Nox Player emulator for PCs and Macs had been attacked by three malware families, via the software update mechanism.

Now, the researchers that discovered the attack suspect that the Gelsemium group was behind the campaign. Since mid-2020, the cyberespionage group has conducted attacks in East Asia and the Middle East, including governments, religious organizations, electronics manufacturers and universities.

Named after a flowering plant, the group names its weapons after plant-based poisons: Gelsevirine—a backdoor that is both modular and complex—is its main weapon dating back to 2014, but a new version is now in circulation.

According to researchers at ESET, the group has managed to remain mostly under the radar and is very targeted at only a few victims, likely to be for cyber-espionage agenda, according to the firm’s telemetry.

Said Thomas Dupuy, one of the researchers: “The group has a vast number of adaptable components. Gelsemium’s whole chain might appear simple at first sight, but the exhaustive number of configurations, implanted at each stage, can modify on-the-fly settings for the final payload, making it harder to understand.” Dupuy was referring to three components and a plug-in system used by Gelsemium: the dropper Gelsemine, the loader Gels enicine, and the main plugin Gelsevirine.

Researchers suspect the group is behind the supply-chain attack against BigNox that was previously reported as Operation NightScout. This was a supply-chain attack that compromised the update mechanism of NoxPlayer, part of BigNox product range, with over 150 million users worldwide.

The investigation uncovered some overlap between this supply-chain attack and the Gelsemium group. Victims originally compromised by that supply-chain attack were later being compromised by Gelsemine. Among the different variants examined, “variant 2” shows similarities with Gelsemium malware.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Securing Industry 4.0
The world is advancing to Industry 4.0 in full swing, and this is a key …Download Whitepaper
Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more

Cybersecurity News in Asia

Featured

Colonial Pipeline attack: lessons from the last 3 years

Featured

With great payment-methods growth come greater security liabilities

Featured

Bridging the data science talent gap for national cyber defenses: Urgent action needed

Featured

Fears of increased identity fraud due to AI need addressing: survey

Featured

Respondents report lower 2023 ransomware attack numbers than in 2022

Featured

Understanding the “multiplier effect” of digital fraud in the region

Researchers uncover threat actors behind BigNox attack

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar