
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant

Executive Summary APT31 has long been known to use Operational Relay Boxes (ORBs) and to compromise routers. This report examines in detail their only publicly known router implant, dubbed “SoWaT”. The implant is capable of functioning as a RAT, a tunnel and a proxy. Extensive verification and double-encryption procedures signal a TA trying to evade even the most…

Uncovering Tetris – a Full Surveillance Kit Running in your Browser

Executive Summary A Chinese state-sponsored threat actor is targeting Chinese-speaking opposition through waterholed websites. The campaign uses a modular and custom JS surveillance framework, dubbed “Tetris”, implementing a wide range of browser features. Almost all of Tetris’ components have zero AV detections. Tetris exploits vulnerabilities in 58 widely used websites, including Aliexpress, Baidu, QQ…
