Whitefly

Threat Actor updated 4 months ago (2024-05-05T14:17:31.948Z)
Whitefly is a threat actor that has been active since at least 2017, primarily targeting organizations in Singapore across various sectors with the intent to steal large volumes of sensitive information. The group is known for its advanced capabilities and extensive arsenal of tools, including custom malware, open-source hacking tools like Termite, and living-off-the-land tactics such as malicious PowerShell scripts.

Whitefly first infiltrates its victims using a dropper disguised as a document or image file, which then deploys an executable or dynamic link library (DLL) file to compromise the system. The group was responsible for the significant SingHealth breach, among other attacks in Singapore between mid-2017 and mid-2018. Once inside a network, Whitefly maps the infrastructure and infects further computers, often maintaining a presence within the targeted organization for months to extract large amounts of data. A multi-purpose command tool used by Whitefly has also been detected in attacks against defense, telecoms, and energy targets in Southeast Asia and Russia, indicating its broad reach.

Whitefly uses DLL search order hijacking to run Vcrodat, a malicious DLL that often bears the same name as DLLs belonging to legitimate software from various security vendors. In some instances, the group has deployed another custom malware, Trojan.Nibatad, which also leverages search order hijacking to download an encrypted payload onto the infected computer. Whitefly configures multiple Command & Control (C&C) domains for each target, illustrating its sophisticated approach to maintaining long-term network access and exfiltrating data.
Description last updated: 2024-05-05T13:34:11.155Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Whitefly Threat Actor was read from the documents corpus below.
Source | Created | Title
MITRE | 2 years ago | Whitefly: Espionage Group has Singapore in Its Sights