China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

Spear Phishing AttacksThe China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.

“In recent months, we have observed a significant shift in Sharp Dragon’s activities and lures, now targeting governmental organizations in Africa and the Caribbean,” the researchers write.

“Those activities very much align with known Sharp Dragon modus operandi, and were characterized by compromising a high-profile email account to spread a phishing word document that leverages a remote template weaponized using RoyalRoad. Unlike previous activities, those lures were used to deploy Cobalt Strike Beacon.”

The threat actor begins by hacking into a trusted email account at a targeted organization, then uses that access to spread to additional accounts before installing the Cobalt Strike hacking tool.

“Presently, we are witnessing the use of Cobalt Strike Beacon as the payload of the 5.t downloader,” the researchers write. “This choice provides backdoor functionalities, such as C2 communication and command execution, without the risk of exposing their custom tools.

However, we assume that the Cobalt Strike beacon serves as their primary tool for assessing the attacked environment, while their custom tools come into play at a later stage, which we have yet to witness. This refined approach indicates a deeper understanding of their targets and a desire to minimize exposure, likely resulting from public disclosures of their activities.”

The researchers conclude that the shift in targeting suggests that government employees in these regions should be on the lookout for targeted phishing attacks.

“These changes in Sharp Dragon’s tactics, showing more careful selection of targets and the use of publicy and readily available tools, is an indication of a refined approach by this threat actor to target high-profile organizations,” the researchers write. “These findings bring attention to the evolving nature of Chinese threat actors, especially towards regions that have been somewhat overlooked in global cybersecurity and by the threat intelligence community.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Check Point has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews