Tencent Trouble: SLOW#TEMPEST Cyberattack Targets Chinese Entities with Phishing and Cobalt Strike
Tencent’s infrastructure is under siege! Securonix researchers uncovered a phishing, DLL sideloading, and Cobalt Strike campaign targeting Chinese entities. Dubbed “SLOW#TEMPEST,” the attack exploited Tencent’s cloud services and lurked for weeks before striking. Looks like even the cloud isn’t safe from a tempest!

Hot Take:
Looks like the cybercriminals took a page out of a slow-cooking recipe book—SLOW#TEMPEST: where your data gets cooked to perfection while you wait! Tencent, hope you’ve got a storm shelter ready.
Key Points:
- Cybercriminals targeted Chinese entities with phishing emails involving “personnel lists” and “remote control software regulations.”
- Used DLL sideloading (a malicious dui70.dll loaded by a vulnerable, legitimate LicensingUI.exe) to deploy Cobalt Strike beacons.
- Cobalt Strike was utilized for various malicious activities like malware delivery and network reconnaissance.
- All IP addresses for the attack were hosted on Tencent’s cloud infrastructure.
- The attack was named SLOW#TEMPEST due to the attackers’ extended period of inactivity before launching their offensive.
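Added example, not from the Securonix report or this post: a small Python detection for the sideload pattern named above, LicensingUI.exe loading dui70.dll from outside the Windows system directories, run over constructed image-load events whose field names (Image, ImageLoaded) are assumed to follow Sysmon Event ID 7.

```python
"""Flag a LicensingUI.exe -> dui70.dll sideload in image-load telemetry.

Sideloading works because a legitimate signed executable resolves a DLL by
name and searches its own directory before the Windows system directories.
If LicensingUI.exe is copied next to an attacker-supplied dui70.dll, the real
binary loads the attacker's code. The check below flags any dui70.dll that
LicensingUI.exe loads from a non-system location.
Event field names (Image, ImageLoaded) are assumptions modelled on Sysmon."""
from pathlib import PureWindowsPath

# Directories where a genuine dui70.dll is expected to live.
TRUSTED_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)


def is_trusted_dir(path: str) -> bool:
    """True when the file's parent directory is one of TRUSTED_DIRS (or below it)."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d.lower() or parent.startswith(d.lower() + "\\")
               for d in TRUSTED_DIRS)


def is_suspicious_sideload(event: dict) -> bool:
    """True when LicensingUI.exe loads dui70.dll from outside the system dirs."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    loaded = event.get("ImageLoaded", "")
    if image != "licensingui.exe":
        return False
    if PureWindowsPath(loaded).name.lower() != "dui70.dll":
        return False
    return not is_trusted_dir(loaded)


def find_sideloads(events: list[dict]) -> list[dict]:
    """Return the subset of events that match the sideload pattern."""
    return [e for e in events if is_suspicious_sideload(e)]


# Constructed sample events (not real telemetry from the campaign).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\LicensingUI.exe",
     "ImageLoaded": r"C:\Windows\System32\dui70.dll"},          # benign
    {"Image": r"C:\Users\Public\Downloads\LicensingUI.exe",
     "ImageLoaded": r"C:\Users\Public\Downloads\dui70.dll"},    # sideload
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\dui70.dll"},          # benign
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("possible sideload:", hit["Image"], "->", hit["ImageLoaded"])
```

Path-based matching is a starting point only; a copied but genuine dui70.dll placed beside the executable will still be flagged, which is the intended behaviour since the executable should not be running from that location either.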