Chinese hacker group KeyBoy is back with new spy malware targeting Western organisations
A hacker group known as KeyBoy, believed to be operating out of China, has resurfaced with a new campaign targeting various organisations in Western nations. The advanced persistent threat (APT) group has been active since 2013, previously targeting organisations in South East Asia. KeyBoy hackers' new corporate espionage campaign makes use of specialised malware and phishing emails to spy on and steal from targets.
The hacker group's last known activity involved targeting the Tibetan parliament between August and October 2016. However, the KeyBoy hackers now appear to be back with a fresh campaign, shifting focus from targeting Asian organisations to Western entities.
According to security experts at PwC, who uncovered the hacker group's latest attacks, KeyBoy is using spy malware with significant intrusive capabilities. The malware can take screenshots, log keystrokes, and browse and download victims' files. It can also harvest extensive information about the targets' computers and even shut down infected systems.