HyperBro

Malware Profile Updated 24 days ago
HyperBro is a backdoor that has been used in a cyber espionage campaign targeting the semiconductor industry, primarily in Taiwan, Hong Kong, and Singapore. In that campaign it was delivered together with a lure purporting to come from the Taiwan Semiconductor Manufacturing Company (TSMC). The HyperBro loader variant abuses a digitally signed CyberArk binary for DLL side-loading, which results in the in-memory execution of a Cobalt Strike beacon; the beacon was installed on victims' computers through the HyperBro loader. The Dutch cybersecurity firm EclecticIQ attributed this campaign to China because of the use of the HyperBro loader, which is associated with the state-backed group tracked as Budworm or APT27.

Delivery was observed through spear-phishing emails carrying the HyperBro loader, which displayed a file purportedly from TSMC while deploying the Cobalt Strike beacon via DLL side-loading. In March, Advanced Persistent Threat (APT) actors installed HyperBro on the Exchange Server and two other systems. The entire chain, consisting of the legitimate component IntgStat.exe, the pcalocalresloader.dll library, and the encrypted file thumb.db, was used solely to download the HyperBro backdoor. Notably, shikata_ga_nai obfuscation was not applied in the case of Able Desktop.

EclecticIQ analysts assess with high confidence that the analyzed HyperBro loader, the malware downloader, and the Go backdoor are very likely operated and developed by a nation-state threat actor backed by the People's Republic of China (PRC). This assessment is based on victimology, observed infrastructure, malware code, and resemblance to previously reported activity clusters. To protect against such threats, it is recommended to use Patch Manager Plus to quickly patch over 850 third-party applications.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Trojan
Backdoor
Webshell
Payload
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the HyperBro malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
MITRE | a year ago | Emissary Panda Attacks Middle East Government SharePoint Servers
CERT-EU | a year ago | Space Pirates: analyzing the tools and connections of a new hacker group
MITRE | a year ago | LuckyMouse hits national data center to organize country-level waterholing campaign
MITRE | a year ago | Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
CISA | a year ago | MAR-10365227-2.v1 HyperBro | CISA
Trend Micro | a year ago | Iron Tiger's SysUpdate Reappears, Adds Linux Targeting
MITRE | a year ago | Chinese Hackers Carried Out Country-Level Watering Hole Attack
CISA | a year ago | Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA
CERT-EU | 8 months ago | Chinese Hackers Attacking Semiconductor Industries using Cobalt Strike beacon
CERT-EU | 8 months ago | China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
CERT-EU | 8 months ago | Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia
CERT-EU | 8 months ago | Semiconductor firms targeted by Chinese hackers
CERT-EU | 8 months ago | China-based spies are hacking East Asian semiconductor companies, report says | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 8 months ago | L'hebdo cybersécurité (8 octobre 2023) • Cybersécurité
CERT-EU | 8 months ago | Cyber Security Week in Review: October 6, 2023