
Blackpanda
March 3, 2023
Later this year, the Ministry of Home Affairs (MHA) will introduce new legislation to more effectively combat crimes committed in cyberspace. The proposed Online Criminal Harms Act will “expand the scope of regulatory levers that we can apply to online criminal activities”. This includes the authority to stop or delete online communications that support physical crimes like inciting violence. The proposed Act will also broaden the range of entities that the government can target, including all online communication channels that could be used for criminal activity. The new legislation will also include tools that will deal with the nature of online criminal harms more effectively. This includes ‘upstream measures to detect and reduce them, such as safeguards against inauthentic accounts. This legislation will also apply to other malicious cyber activities, like phishing’.
Cyber security researchers have identified a Southeast Asia-based online criminal ring that uses social engineering techniques to lure US citizens into investing in cryptocurrency. Threat actors use online psychological manipulation techniques to establish a connection with a victim before persuading them to participate in phoney financial schemes such as "pig butchering" or "romance" scams. Scammers use intentionally misaddressed text messages to spam a wide range of potential victims and, subsequently, focus on those who respond. Scammers have defrauded people looking for love out of $1.3 billion over the past five years, a startling six-fold increase from the 2017 figures.
TikTok, a popular Chinese video-sharing app, has come under political fire as governments grow more concerned that China may use it for espionage or propaganda, according to observers. As the app grows in popularity, and the geopolitical rivalry between China and the West remains, worries over privacy and security have been raised. The bans highlight growing concerns that the Chinese government may use TikTok, which is owned by the Chinese company ByteDance, to collect user data for political purposes and to meddle in the internal affairs of other nations.
The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year. Mustang Panda is an advanced persistent threat (APT) group known to target organisations worldwide in data theft attacks using customised versions of the PlugX malware. The threat actors are also known as TA416 and Bronze President. Cyber security researchers first discovered MQsTTang in January 2023 in a campaign that targets governments and political organisations in Europe and Asia, focusing on Taiwan and Ukraine. The payloads are downloaded from GitHub repositories made by a user associated with previous Mustang Panda campaigns, while the malware is distributed via spear phishing emails. The malware is an executable compressed inside RAR archives, given names with a diplomacy theme, such as scans of passports of members of diplomatic missions, embassy notes, etc.
An unknown threat actor is targeting government organisations in North America and Asia Pacific with the PureCrypter malware downloader, which distributes a variety of information-stealers and ransomware. First documented in June 2022, PureCrypter is advertised for sale by its author for $59 for one-month access (or $245 for a one-off lifetime purchase) and is capable of distributing a multitude of malware. The program's creator, PureCoder, expanded the selection of services in December 2022 to include a logger and information stealer called PureLogs, which is intended to steal data from web browsers, cryptocurrency wallets, and email clients. It costs $99 a year (or $199 for lifetime access). The infection sequence commences with a phishing email containing a Discord URL that points to the first-stage component, a password-protected ZIP archive that, in turn, loads the PureCrypter malware.
LastPass has been hit by a second data breach by the same threat actors that had accessed its encrypted password vaults in a severe data breach that occurred in December 2022. As a result of a sustained cyber attack, one of LastPass' DevOps engineers had their home computer compromised and infected with a keylogger, allowing sensitive data to be stolen from its Amazon AWS cloud storage servers. ‘The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack’. This intrusion targeted the company's infrastructure, resources, and the aforementioned employee from August 12, 2022, to October 26, 2022. The original incident, on the other hand, ended on August 12, 2022.