Unfading Sea Haze is a threat actor, not a single piece of malware, that targets high-level military and government organizations in the South China Sea region. Bitdefender researchers have traced its activity back to at least 2018 and have identified at least eight military and government organizations as victims. The campaign is espionage-focused: the actor works to gain and keep long-term access to its targets' networks and to collect sensitive data from them.
The actor's primary post-compromise tools are two .NET payloads, SharpJSHandler and SerialPktdoor, together with two newer variants of Gh0st RAT, EtherealGh0st and FluffyGh0st. The Gh0st RAT variants descend from two older ones, SilentGh0st and TranslucentGh0st, which the actor has used since its earliest observed activity in 2018. Together these tools let the actor keep persistent remote control of compromised hosts, run commands on them, and exfiltrate sensitive data.
The main initial-access vector observed is spear phishing: targeted emails, crafted to look as though they come from a known or trusted sender, carry a ZIP archive containing a Windows shortcut (LNK) file. The goal of the lure is not to make the recipient disclose information but to make them run the shortcut. The archive itself is inert; the infection starts when the recipient extracts or opens it and double-clicks the shortcut, whose target and arguments execute a command that deploys the SerialPktdoor backdoor and gives the attacker remote access to the host. Shortcut files inside emailed archives are therefore a key detection point for defenders. Unfading Sea Haze continues to pose a significant threat to organizations in the region.
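As an added illustration, not code from Bitdefender's report or from the actor's tooling, the following Python script shows how a defender can triage such an archive offline: it pulls every shortcut out of a ZIP, parses the MS-SHLLINK StringData to recover the shortcut's target and command-line arguments, and flags double-extension lure names and shortcuts that launch a command interpreter. The archive members, file names and the shortcut's command line are constructed for the demonstration (the command line only opens Notepad); the interpreter list is a generic heuristic and not an indicator tied to this actor.

```python
import io
import struct
import zipfile

# LinkFlags bits from MS-SHLLINK section 2.1.1
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80

# ShellLink CLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# Generic list of interpreters and LOLBins often launched from lure shortcuts (not actor-specific)
SUSPICIOUS_TARGETS = ("cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                      "cscript.exe", "rundll32.exe", "regsvr32.exe", "msbuild.exe")

# StringData entries appear in this fixed order when their flag is set
STRING_DATA = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
               (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
               (HAS_ICON_LOCATION, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Recover target path and command line from a .lnk, skipping the IDList and LinkInfo."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76  # fixed-size ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    result = {}
    for flag, name in STRING_DATA:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        result[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return result


def build_lnk(relative_path: str, arguments: str = "", working_dir: str = "") -> bytes:
    """Build a minimal Unicode shortcut (header + StringData only). Constructed for the demo."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH
    flags |= HAS_WORKING_DIR if working_dir else 0
    flags |= HAS_ARGUMENTS if arguments else 0
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags).ljust(76, b"\x00")

    def encode(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = encode(relative_path)
    body += encode(working_dir) if working_dir else b""
    body += encode(arguments) if arguments else b""
    return header + body


def triage_archive(zip_bytes: bytes) -> list:
    """Return one finding per shortcut inside the archive, with a verdict and the reasons."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            member = info.filename
            if not member.lower().endswith(".lnk"):
                continue
            lnk = parse_lnk(zf.read(info))
            target = lnk.get("relative_path", "")
            args = lnk.get("arguments", "")
            reasons = []
            stem = member.rsplit("/", 1)[-1][:-4]  # file name without the .lnk suffix
            if "." in stem:  # e.g. Report.pdf.lnk is shown by Explorer as Report.pdf
                reasons.append("double extension hides .lnk: " + stem)
            if target.lower().rsplit("\\", 1)[-1] in SUSPICIOUS_TARGETS:
                reasons.append("target is a command interpreter: " + target)
            if args:
                reasons.append("shortcut carries arguments: " + args)
            findings.append({"member": member, "target": target, "arguments": args,
                             "suspicious": bool(reasons), "reasons": reasons})
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one double-extension lure shortcut, one harmless shortcut, one decoy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Constructed command line; it only opens Notepad and is not the actor's real payload.
        zf.writestr("Meeting_Agenda.pdf.lnk", build_lnk(
            r"..\..\..\Windows\System32\cmd.exe",
            '/c start "" powershell -w hidden -c Start-Process notepad',
            r"C:\Windows\System32"))
        zf.writestr("Shared_Docs.lnk", build_lnk(r"..\Documents"))
        zf.writestr("Readme.txt", b"decoy text file")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_archive(build_sample_archive()):
        print(finding["member"], "SUSPICIOUS" if finding["suspicious"] else "ok", finding["reasons"])
```

The parser deliberately reads only the header and StringData, so it never follows the IDList or LinkInfo structures, which keeps it safe to run over untrusted samples; when a real lure is triaged, the recovered target and arguments are what you pivot on to find the loader the shortcut fetches.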
Description last updated: 2024-10-07T15:17:54.431Z