A Chinese advanced persistent threat (APT) group is spreading fake Zoom software to spy on targets in South East Asia.
The group, dubbed LuminousMoth by Kaspersky, is focused on cyberespionage and the theft of information from high-profile targets.
In activity dating back to at least October 2020, roughly 100 victims have been detected in Myanmar, and close to 1,400 have been recorded in the Philippines. However, these infection rates may not tell the whole story, as the researchers believe that only a small subset of these victims was of interest to the APT and was exploited further.
LuminousMoth’s true targets, in particular, are government agencies in both of these countries and abroad.
According to the researchers, the preliminary rate of infection may be due to LuminousMoth’s initial attack vector and spreading mechanisms, deemed “noisy” and unusual for an APT to adopt.