Trusted Design

APT group leveraging HT exploits to target a Financial Services

概要

As predicted following the leak of Hacking Team exploit codes covered here, the Zscaler security research team has recently started seeing a Chinese cyber espionage group weaponizing malware payloads using the 0-day exploits found in the leaked Hacking Team archives. As such, this new attack represents a dangerous new hybrid combining the work of a notorious cyber criminal gang with Chinese cyber espionage group to attack a financial services firm. Zscaler's cloud sandboxes recently detected a Remote Access Trojan (RAT) being delivered by a well-known Chinese cyber espionage group using the Hacking Team’s 0-day exploits. This attack was specifically targeting a well-known financial services firm. The exploit files involved were identical to the Hacking Team's leaked exploit HTML, JavaScript, and ShockWave Flash 0-day files. The end payload that was installed is the HttpBrowser RAT, known to be used by the Chinese group in previous targeted attacks against governments.

Created: 2026-02-23

Indicators

• hostname - update.hancominc.com -
• CVE - CVE-2015-5119 -

類似Pulses

• Chinese Backdoor Zegost delivered via Hacking Team exploit (score: 0.69)
• Chinese Actors attacks on US Government and EU Media (score: 0.68)
• Korplug RAT used to attack Vietnamese institutions (score: 0.68)
• Multiple Chinese APT Groups Quickly Use Flash Zero-Day (score: 0.67)
• Targeted Attack Distributes PlugX in Russia (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る