PLEAD

Malware updated 23 days ago (2024-11-29T14:27:01.903Z)
Download STIX
Preview STIX
PLEAD is a sophisticated malware, suspected to be associated with the Chinese APT group known as BlackTech. First observed in the wild in 2015, it was discovered by ESET researchers in 2019 that BlackTech was using compromised ASUS routers to perform Man-in-the-Middle (MitM) attacks and deliver the PLEAD malware through ASUS WebStorage software updates. The malware, also referred to as TSCookie in some instances, was concealed in legitimate looking software updates from Asus and uploaded to victim systems by modifying the DNS resolution of asus.com. Once inside, PLEAD had the ability to steal data from victim organizations, exhibiting innovative capabilities such as eavesdropping and performing DNS and HTTP hijacking, previously seen in campaigns like ZuoRat, VPNFilter, Attor, and Cuttlefish. In a related development, two foreign nationals pleaded guilty to participation in the LockBit Ransomware Group, which has been linked to similar cyberattacks. In another case, Bowser plead guilty to two out of eleven charges and was sentenced to 40 months in prison and a $4.5 million fine, later increased by $10 million. It's important to note that these cases underscore the global nature of cybercrime and the increasing sophistication of malicious actors in exploiting vulnerabilities in widely used software and hardware. Moreover, Sellafield, a British nuclear decommissioning company, plead guilty to all charges brought by the Office for Nuclear Regulation (ONR) in June 2024. The specifics of the charges are not detailed, but it is implied that they may relate to cybersecurity lapses or other infractions. These incidents highlight the importance of robust cybersecurity measures across all sectors, especially those dealing with sensitive information or infrastructure.
Description last updated: 2024-10-04T12:16:08.083Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
TSCookie is a possible alias for PLEAD. TSCookie is a malware that has been associated with various backdoors such as BendyBear, BIFROSE (Bifrost), Consock, KIVARS, PLEAD, XBOW, and Waterbear (DBGPRINT). It's also known as FakeDead and is used in conjunction with other tools like BendyBear and Flagpro by BlackTech, an advanced persistent
2
Waterbear is a possible alias for PLEAD. WaterBear is a sophisticated form of malware, known for its ability to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or hold data hostag
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Vpn
Exploit
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The malware Attor is associated with PLEAD. Unspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The BlackTech Threat Actor is associated with PLEAD. BlackTech, a China-linked Advanced Persistent Threat (APT) group, poses a significant cybersecurity threat due to its sophisticated and covert hacking activities. As a threat actor, BlackTech's operations involve executing actions with malicious intent, which can be attributed to individuals, privatUnspecified
3
Source Document References
Information about the PLEAD Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
3 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
8 months ago
DARKReading
8 months ago
DARKReading
9 months ago
CERT-EU
9 months ago
CERT-EU
10 months ago
InfoSecurity-magazine
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago