Emissary Panda – AKA APT27, BRONZE UNION, Iron Tiger, LuckyMouse, TG-3390, and Threat Group-3390 – has been active for more than a decade and remains a powerful adversary. This Chinese cyber espionage group targets organizations in the government, defense, aerospace, technology, manufacturing, and energy sectors. The group was involved in cyber espionage campaigns against Turkish organizations and the Middle East. They deploy malware such as China Chopper, Gh0st, HyperBro, and ZxShell to exploit applications and networks.
APT27 has been using Zoho and Microsoft Exchange vulnerabilities to attack German companies. The exploits include:
Recently, the threat actors manipulated a code-signing certificate issued by VMPsoft, the company that created the VMProtect packer. The signed file is a SysUpdate backdoor loader, according to researchers.