LOWKEY: Hunting for the Missing Volume Serial ID

released on 2019-10-15 @ 03:50:04 PM
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we track as LOWKEY, which is mentioned in the APT41 report and associated with ESET's recent Winnti Group-related blog post (https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/).