Kaspersky researchers have revealed an ongoing, large-scale advanced persistent threat (APT) campaign with hundreds of victims in Southeast Asia, including government entities in Myanmar and the Philippines.
This cluster of APT activity, tracked as LuminousMoth by Kaspersky, has been linked to the HoneyMyte Chinese-speaking threat group with medium to high confidence.
The links found include network infrastructure connections, such as command-and-control servers used by both groups, and similar tactics, techniques, and procedures (TTPs) when deploying Cobalt Strike beacon payloads.
Both groups are also known to launch wide-scale attacks against significant numbers of targets with the end goal of hitting just a small subset matching their interests.
While analyzing LuminousMoth’s cyberespionage attacks against several Asian government entities, which have been under way since at least October 2020, Kaspersky researchers discovered a total of 100 victims in Myanmar and 1,400 in the Philippines.