Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack’s aim, we believe the threat actor is aligned with China’s interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We noticed multiple times that the actor was regaining access to the victim’s systems either because of improper credential hygiene or because of bad patching strategies of the edge devices and exposed web services. Thus, this publication intends to raise awareness of the importance of respecting essential best practices that ensure security and to share with the community information that could help detect and disrupt Unfading Sea Haze’s espionage activities.
The Unfading Sea Haze impacted at least 8 military and government organizations, a threat actor that has been active at least since 2018.
A full analysis of the attack is available in the whitepaper below:
Currently known indicators of compromise can be found in the whitepaper. Bitdefender Threat Intelligence customers can access enriched, contextual insights about this attack. The Threat ID BDx8y3ujm3X in the Bitdefender IntelliZone portal includes additional TTPs and visualizations. For more information about Bitdefender Threat Intelligence solution visit our product page.