- The attacker, suspected to be the OceanLotus group (APT32), created a GitHub account and disguised it as a security researcher from a leading Chinese FinTech company.
- The attacker forked various security tool projects on their homepage to reduce victims’ vigilance.
- The attacker published two malicious poisoning projects, presented as plugins with new exploit functions for Cobalt Strike, a tool widely used by Chinese red teams.
- The attacker embedded a malicious .suo file into a Visual Studio project.
- When the victim compiles the Visual Studio project, the Trojan will execute automatically.
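A defensive check for the delivery mechanism described above, added here as an example and not taken from the report: it audits a cloned repository for .suo files and .vs/ directories (per-user Visual Studio state that has no place in distributed source), verifies the OLE compound-file signature, and reports whether .gitignore excludes them. The sample repository it builds is constructed for the demo.

```python
"""Audit a cloned repository for Visual Studio user-state files (.suo / .vs) before opening or building it."""
import os
import tempfile
from pathlib import Path

# .suo files are OLE2 Compound File Binary containers; this is the 8-byte CFB signature.
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
IGNORE_PATTERNS = {"*.suo", ".vs", ".vs/"}


def audit_repo(root):
    """Return every .suo file and .vs/ directory under root, plus whether .gitignore excludes them."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        for d in dirnames:
            if d.lower() == ".vs":
                findings.append({"kind": "vs_dir", "path": (rel_dir / d).as_posix()})
        for f in filenames:
            if f.lower().endswith(".suo"):  # also matches the bare ".suo" stored inside .vs/
                p = Path(dirpath) / f
                with p.open("rb") as fh:
                    head = fh.read(8)
                findings.append({"kind": "suo", "path": (rel_dir / f).as_posix(),
                                 "is_cfb": head == CFB_MAGIC, "size": p.stat().st_size})
    gitignore = root / ".gitignore"
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    ignored = any(line.strip().lower() in IGNORE_PATTERNS for line in lines)
    return {"findings": findings, "suo_ignored": ignored}


def build_sample_repo(base):
    """Write a constructed sample repository (not a real project) with two .suo files and a benign source file."""
    base = Path(base)
    (base / "src").mkdir(parents=True)
    (base / "src" / "Program.cs").write_text("class P { static void Main() {} }\n")
    vs_dir = base / ".vs" / "Demo" / "v17"
    vs_dir.mkdir(parents=True)
    (vs_dir / ".suo").write_bytes(CFB_MAGIC + b"\x00" * 504)  # constructed: CFB header plus empty padding
    (base / "Demo.suo").write_bytes(b"not a cfb file")         # wrong format, still reported
    (base / ".gitignore").write_text("bin/\nobj/\n")            # does not exclude .suo or .vs/
    return base


def run_demo():
    """Build the sample repository in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_repo(build_sample_repo(tmp))
```

Any finding is a reason to inspect the repository before opening the solution; a .suo that is present but not a valid CFB container is as suspicious as one that is.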