PLEAD

Malware updated 2 months ago (2024-07-21T14:18:04.893Z)
PLEAD is malware that ESET researchers in 2019 found being used by the Chinese APT group known as BlackTech. The group was performing Man-in-the-Middle (MitM) attacks through compromised ASUS routers and delivering PLEAD through ASUS WebStorage software updates. The malware, also referred to as TSCookie, has been active since 2015 and is known for stealing data from victim organizations. The threat actors delivered PLEAD hidden inside legitimate-looking ASUS software updates and used it to target additional systems within the environment.

Several incidents related to the PLEAD malware have been reported over the years. For instance, Bowser pleaded guilty to two charges related to the malware and was sentenced to 40 months in prison and a fine of $4.5 million, later increased by $10 million. In another case, Jack Teixeira, a former airman and Pentagon leak suspect, was expected to plead guilty for his role in leaking sensitive intelligence online, which was linked to the use of PLEAD. Furthermore, two foreign nationals pleaded guilty to their participation in the LockBit ransomware group, which used tactics similar to those seen in the PLEAD campaign.

PLEAD's capability to eavesdrop on edge networking equipment and to perform DNS and HTTP hijacking has seldom been observed in other malware. Campaigns such as ZuoRat, VPNFilter, Attor, and Cuttlefish have exhibited similar behavior, but PLEAD stands out because it is specifically designed to seek out private IP connections for hijacking. This represents the next generation of malware capabilities and an evolving threat landscape that calls for vigilant cybersecurity measures.
Description last updated: 2024-07-21T14:15:46.722Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description
TSCookie (2 votes): TSCookie is a malware that has been associated with various backdoors such as BendyBear, BIFROSE (Bifrost), Consock, KIVARS, PLEAD, XBOW, and Waterbear (DBGPRINT). It's also known as FakeDead and is used in conjunction with other tools like BendyBear and Flagpro by BlackTech, an advanced persistent
Waterbear (2 votes): WaterBear is a sophisticated form of malware, known for its ability to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or hold data hostag
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Vpn
Exploit
Analyst Notes & Discussion
Associated Malware
ID (type, votes): Profile description
Attor (Unspecified, 2 votes): None
Associated Threat Actors
ID (type, votes): Profile description
BlackTech (Unspecified, 3 votes): BlackTech, a China-linked Advanced Persistent Threat (APT) group, poses a significant cybersecurity threat due to its sophisticated and covert hacking activities. As a threat actor, BlackTech's operations involve executing actions with malicious intent, which can be attributed to individuals, privat
Source Document References
Information about the PLEAD malware was read from the document corpus below. This display is limited to 20 results.
Source (created at): Title
Securityaffairs (2 months ago): Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (4 months ago): Cuttlefish targets enterprise-grade SOHO routers
DARKReading (4 months ago): 'Cuttlefish' Zero-Click Malware Steals Private Cloud Data
DARKReading (5 months ago): How Soccer's 2022 World Cup in Qatar Was Nearly Hacked
CERT-EU (6 months ago): The latest cybercriminal news (8 March 2024) • Cybersécurité OSINT
CERT-EU (7 months ago): New Linux Malware "Migo" Exploits Redis for Cryptojacking, Disables Security
InfoSecurity-magazine (7 months ago): Ukrainian Faces Decades in Prison for Leading Prolific Malware Campaig
CERT-EU (10 months ago): Ex-NSA techie admits to selling state secrets to Russia
CERT-EU (a year ago): China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
CERT-EU (a year ago): Links 16/09/2023: IBM and Canonical Pushing Wayland
CERT-EU (a year ago): Maui Recovery Website, Grandmothers of Plaza de Mayo, Snapchat, More: Thursday Afternoon ResearchBuzz, September 7, 2023
CERT-EU (a year ago): Leftover Links 27/08/2023: Windows TCO Stories and Linux Foundation 'Masters'
BankInfoSecurity (a year ago): US Man Admits to $4.5B Bitfinex Hack, Money Laundering
CERT-EU (a year ago): Leftover Links 14/07/2023: Microsoft in Trouble With the FTC Again, This Time Over 'Open' 'AI'
CERT-EU (a year ago): The latest cybercrime news | 7 July 2023
CERT-EU (a year ago): The latest cybercrime news | 30 June 2023
BankInfoSecurity (a year ago): Worker Inappropriately Accessed Patient Records for 15 Years
CERT-EU (a year ago): Twitter hacker and crypto scammer sentenced to five years in prison | Engadget
MITRE (2 years ago): The Trail of BlackTech's Cyber Espionage Campaigns