Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools
Security researchers have linked various attack campaigns against organizations and ethnic groups in Asia to a single threat actor they believe is likely serving China’s geopolitical interests in the region and is connected to the country’s state-sponsored cyberespionage apparatus. For the past three years, researchers from security firm Palo Alto Networks have been tracking attack campaigns launched by a group, or several closely connected groups, that they’ve dubbed PKPLUG. They’ve found links to older attack campaigns reported independently by other companies over the past six years. According to the researchers, this is the first time all these attacks have been tied together under a single threat actor.