CarderBee hacking group targets organizations in Asia
An unknown advanced persistent threat group has been observed attacking organizations in Asia, particularly Hong Kong, using commercial software to deploy “backdoor” malware.
Dubbed “CarderBee” by researchers at Symantec, the hacking group uses Cobra DocGuard Client, a software package designed to allow users to access and manage their Consolidated Omnibus Budget Reconciliation Act documents, to gain access to victims’ machines.
The Cobra DocGuard Client is said to have been designed by Chinese company EsafeNet. That’s where the story gets interesting. According to the researchers, CarderBee uses PlugX, a malware family used by Chinese state-backed threat groups — so Chinese-designed software is being compromised by Chinese state-sponsored actors.