A newly discovered APT group has been spotted using commercial software to deploy backdoor malware to targeted victims in Hong Kong and elsewhere in Asia.
Symantec revealed in a new report today that although use of the Korplug backdoor has been traced in the past to multiple groups, it could not link the current activity to any known entity.
It named the new actor “Carderbee” and claimed it is using legitimate Cobra DocGuard Client software developed by Chinese firm EsafeNet to get the backdoor onto victims’ machines.
Software from the developer, which is owned by cybersecurity firm NSFOCUS, has been used maliciously before. ESET claimed in September last year that a malicious update of the same Cobra DocGuard Client was used to compromise a gambling firm in Hong Kong.