APT TA413

Updated on 2022-09-27

Chinese APT TA413 exploited flaws in Sophos Firewall and Microsoft Office to deliver a previously undetected backdoor, dubbed LOWZERO, as part of a cyberespionage campaign against Tibetan entities.

Overview: TA413

On the same note, Recorded Future also has a report on TA413, a suspected Chinese APT group that’s targeting Tibetans, another of China’s favorite-to-abuse minority groups.

Over the first half of 2022, we have observed TA413 exploit a now-patched zero-day vulnerability targeting the Sophos Firewall product (CVE-2022-1040), weaponize the “Follina” (CVE-2022-30190) vulnerability shortly after discovery and publication, and employ a newly observed custom backdoor we track as LOWZERO in campaigns targeting Tibetan entities.
