BadCake
APT32, also known as Ocean Lotus, is a Vietnamese-linked Advanced Persistent Threat (APT) group whose campaigns target users and companies in South East Asia frequently. The primary groups that the hackers go after are political organizations, journalists, dissidents and private companies in various industries. Some of their more notable attacks were carried out against high-profile targets in Cambodia, Laos and the Philippines. The group relies on a broad range of hacking tools that are used for data exfiltration, surveillance, and espionage – one of the most functional pieces of software in their arsenal appears to be BadCake, a custom backdoor Trojan that is being delivered to its intended targets via spear-phishing or watering hole attacks.
Once installed, BadCake will provide its operators with the ability to collect general hardware and software information about the infected system. In addition to this, the backdoor is capable of allowing the execution of arbitrary commands – these could be used to alter the system's configuration and weaken security measures. Last but not least, the BadCake backdoor can manipulate the file system, and download more files onto the compromised system, therefore making it possible to plant secondary payloads.
Since the BadCake Trojan is meant to stay on the infected system for long, it will take the required steps to gain persistence – either by creating a bogus Windows Service or setting up a new Scheduled Task. The threat uses DGA (Domain Generation Algorithm) to create new subdomains that are used with hardcoded Command and Control servers.
BadCake's activities seem often to be accompanied by public tools such as Mimikatz (used for credential collection) or Cobalt Strike, a post-exploitation framework meant to be used by penetration testers. APT32 have been active in the cybercrime field since 2013, and they have upgraded their infrastructure and toolkit continuously by introducing new projects or adding more features to previous malware samples. While their privately-developed tools may use a wide range of obfuscation techniques to evade anti-virus tools, users of reputable anti-malware products can rest assured that their systems are protected from threats like the BadCake backdoor Trojan.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.