Cybersecurity researchers have uncovered a threat group named Unfading Sea Haze, active since 2018, targeting military and government entities in South China Sea countries. The attackers use Gh0st RAT malware and tools like SharpJSHandler, SharpZulip, and Ps2dllLoader. They regain access through spear-phishing emails with booby-trapped archives, and persist using scheduled tasks and manipulation of local Administrator accounts.

Chinese-aligned hackers known as Unfading Sea Haze are targeting South China Sea countries

Unfading Sea Haze employs commercially available RMM tools and an arsenal of custom tools, including Gh0st RAT variants like SilentGh0st and EtherealGh0st. The attackers use a range of backdoors for data exfiltration, including SharpZulip for manual data extraction from messaging apps. This espionage campaign emphasizes flexibility, evasion, and modularity to bypass security measures, with a focus on acquiring sensitive information from compromised systems.