VERY IMPORTANT

A few months ago, we covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware such as ChChes and remote access trojans like RedLeaves and PlugX to compromise its targets—primarily organizations in Japan. A few weeks ago, we observed new activity from ChessMaster, with notable evolutions in terms of new tools and tactics that weren’t present in the initial attacks. From what we’ve seen, ChessMaster is continuously evolving, using open source tools and ones they developed, likely as a way to anonymize their operations. Based on the way the campaign has developed, it won’t be surprising to see additional evolutions from ChessMaster in the future.