Cycldek is an Advanced Persistent Threat (APT) group whose activity was first analyzed and described in 2018 – thanks to the information gathered, cybersecurity experts were able to track Cycldek's activity back to 2014. The group's campaigns usually focus on the Southeast Asia region, and its targets frequently include high-ranking government officials and various government entities. The attackers use a rich arsenal of custom-built malware, as well as living-off-the-land tools that have been adopted by multiple cybercrime organizations. Recently, Cycldek has attracted the attention of anti-virus vendors worldwide by introducing a new tool in its attacks – USBCulprit, a piece of malware that appears to be dedicated to infecting air-gapped networks and collecting data from them.
Cycldek is believed to originate from China, and it is mainly interested in Vietnam, Thailand and Laos. However, remnants of its activity have been found on infected networks in other parts of Southeast Asia.
One of the group's most notorious Remote Access Trojans (RATs) is the NewCore RAT – the group has reused its modules to craft two other similar RATs that have identical features but appear to have entirely different implant properties. One of the threats is labeled BlueCore RAT, while the other goes by the name RedCore RAT.
Public tools that Cycldek makes use of include:
- HDoor – A very old backdoor Trojan that has been used by multiple APT actors in China.
- JsonCook – A tool meant to exfiltrate cookies from Chromium-based browsers by reading the SQLite databases in which the browser stores this information.
- ChromePass – A tool used to collect passwords saved in Chromium-based Web browsers.
APT groups that invest time and resources in malware projects targeting air-gapped networks are becoming a more common occurrence, and Cycldek is one of the latest names on this list. Cycldek's campaigns are ongoing, and the attackers update their payloads and network infrastructure frequently to avoid detection.