Symantec researchers have discovered that this attack group, called Whitefly, has operated since at least 2017, targeted organisations based mostly in Singapore and across a variety of sectors, and is interested in stealing large amounts of sensitive information.
Whitefly compromises its victims using custom malware alongside open-source hacking tools and tactics such as malicious PowerShell scripts. Whitefly first infects its victims using a dropper in the form of a malicious .exe or .dll file disguised as a document or image. These files frequently purport to offer information on job openings or appear as documents sent from another organisation operating in the same industry as the victim. Given their complexity, it’s likely they are sent to victims using spear-phishing emails.
Once Whitefly has infected one computer in an organisation, it then maps out other devices to infect and stays within an organisation for a prolonged period to gather as much sensitive data as possible.
To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore