Wekby, also known as APT18, is a threat actor suspected to be based in China. The group has been active for several years and targets a wide range of sectors, including Aerospace and Defense, Construction and Engineering, Education, Health and Biotechnology, High Tech, Telecommunications, and Transportation. Public reporting on the group is limited, but what has been documented points to extensive, sophisticated operations and a significant threat to the organizations it targets.
The Wekby group uses malware derived from the HTTPBrowser family that relies on DNS requests as its command-and-control channel, consistent with earlier HTTPBrowser variants the group has deployed. Moving C2 traffic into DNS lets the implant communicate through a resolver even from hosts whose direct outbound web access is blocked or inspected, which is why the technique is favoured by capable, well-resourced operators. The group continues to target high-profile organizations, using this malware to gain a foothold and extract information of value.
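Because the page identifies DNS requests as the C2 transport, the practical detection question is how such traffic looks in resolver logs. The following is an added example, not code from the page, from Wekby, or from any HTTPBrowser analysis: it treats DNS-as-C2 generically, as data encoded into the leftmost label of queries to an attacker-controlled domain, and flags a client that emits many distinct long, high-entropy labels under one registered domain. The log format, the client addresses, the domain c2-example.test and the thresholds are all assumptions; the sample log is constructed.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log (not from the page): "<timestamp> <client_ip> <qtype> <qname>".
# c2-example.test and the client addresses are placeholders, not real indicators.
SAMPLE_LOG = """\
2023-11-29T00:32:51Z 10.0.0.5 A www.example.com
2023-11-29T00:32:52Z 10.0.0.5 A static-assets-prod-useast1.example.com
2023-11-29T00:32:53Z 10.0.0.5 TXT 7a1f3c9e0b2d4e6f8a1c3e5f.beacon.c2-example.test
2023-11-29T00:32:54Z 10.0.0.5 TXT 9c2e4a6b8d0f1a3c5e7b9d1f.beacon.c2-example.test
2023-11-29T00:32:55Z 10.0.0.5 TXT 0b3d5f7a9c1e2f4a6c8e0b2d.beacon.c2-example.test
2023-11-29T00:32:56Z 10.0.0.5 TXT 4e6a8c0f2b4d6f8a1c3e5b7d.beacon.c2-example.test
2023-11-29T00:32:57Z 10.0.0.5 TXT 4e6a8c0f2b4d6f8a1c3e5b7d.beacon.c2-example.test
2023-11-29T00:32:58Z 10.0.0.5 TXT 1f3a5c7e9b0d2f4a6c8e1b3d.beacon.c2-example.test
2023-11-29T00:32:59Z 10.0.0.7 A mail.example.org
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")


def shannon_entropy(text):
    """Bits per character: encoded/random-looking labels score high, words score low."""
    if not text:
        return 0.0
    n = len(text)
    freq = defaultdict(int)
    for ch in text:
        freq[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in freq.values())


def registered_domain(qname):
    """Last two labels. Assumption: no public-suffix list is available offline,
    so multi-part suffixes such as co.uk would be mis-split; use a PSL lookup in production."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype, "qname": qname.rstrip(".").lower()}


def analyze(log_text, min_label_len=16, min_entropy=3.0, min_distinct=4):
    """Group queries per (client, registered domain) and flag pairs that emit at least
    min_distinct distinct leftmost labels that are both long and high-entropy.
    Counting distinct labels rather than queries keeps a cached name that is
    re-resolved repeatedly from inflating the score, and requiring several of them
    keeps a single long but legitimate hostname from triggering on its own."""
    stats = defaultdict(lambda: {"queries": 0, "qtypes": set(), "encoded": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["client"], registered_domain(rec["qname"]))
        st = stats[key]
        st["queries"] += 1
        st["qtypes"].add(rec["qtype"])
        labels = rec["qname"].split(".")
        leftmost = labels[0] if len(labels) > 2 else ""
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= min_entropy:
            st["encoded"].add(leftmost)
    findings = []
    for (client, domain), st in stats.items():
        if len(st["encoded"]) >= min_distinct:
            findings.append({
                "client": client,
                "domain": domain,
                "queries": st["queries"],
                "distinct_encoded_labels": len(st["encoded"]),
                "qtypes": sorted(st["qtypes"]),
            })
    return sorted(findings, key=lambda f: f["distinct_encoded_labels"], reverse=True)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the constructed log only the pair (10.0.0.5, c2-example.test) is reported: six queries, five distinct encoded labels, all TXT. The long but benign static-assets-prod-useast1 label clears the entropy threshold yet stays below the distinct-label count, which is the point of scoring per domain rather than per query. Tune the thresholds against your own resolver baseline before alerting on them.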
A recent attack attributed to Wekby targeted a US-based organization. The incident underscores that the group remains active and continues to threaten industries such as healthcare, telecommunications, aerospace, defense, and high tech. Organizations in these sectors should treat Wekby as a current threat, maintain robust defensive controls and monitor for the DNS-based command-and-control behaviour associated with its malware.
Description last updated: 2023-11-29T00:32:51.261Z