Admin@338 is a threat actor or group assessed to originate from China and known for conducting cyber-attacks. Tracked by FireEye as an uncategorized Advanced Persistent Threat (APT) group, this actor has been linked to multiple cybersecurity incidents. One notable activity involved the use of a malware payload named LOWBALL, delivered through email messages carrying malicious documents. This operation targeted Hong Kong and, despite differing sponsorship, indicates that compromising media organizations based in Hong Kong and Taiwan remains a high priority for China-based threat groups.
In another incident, admin@338 was observed uploading a second-stage malware known as BUBBLEWRAP (also referred to as Backdoor.APT.FakeWinHTTPHelper) to their Dropbox account. The command sequence used during this operation included renaming and starting certain files, writing collected system information to a file for download, and deleting the original commands. This is not the first time admin@338 has used BUBBLEWRAP, suggesting a preference for, or specialty in, this particular malware family.
To sum up, admin@338 presents a significant cybersecurity threat, particularly to organizations based in Hong Kong and Taiwan. Their use of malware such as LOWBALL and BUBBLEWRAP, coupled with techniques like multi-stage attacks, underscores their capabilities. Organizations should remain vigilant against such threats by employing robust security measures and staying abreast of the latest developments in the cybersecurity landscape.
Description last updated: 2023-10-10T19:34:36.714Z