New Flagpro Malware Linked to Chinese State-Backed Hackers
Security researchers have identified a new malware strain called Flagpro that's being deployed against Japanese companies by a Chinese state-backed hacking group known as BlackTech. This is exactly as concerning as it sounds.
According to a report from NTT Security, Flagpro has been actively used in attacks targeting defence, media, and communications companies since at least October 2020. The most recent sample analysed dates from July 2021, indicating the campaign was still running at the time of the report.
The attack chain is depressingly familiar. It starts with spear-phishing emails crafted specifically for the target organisation. The emails carry password-protected archives with malicious Excel files inside; the password sits in the email body, and because the archive is encrypted, mail-gateway scanners cannot inspect its contents. Open the file, enable macros, and you've just given the attackers a foothold in your network.
Once installed, Flagpro connects to its command-and-control servers and begins reconnaissance. It sends system information back to the attackers and can download additional payloads for further exploitation. Fairly standard stuff, but effective.
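A minimal triage check for the lure format just described, added here as an illustration; it is not part of NTT Security's report or of any BlackTech tooling. It uses only the Python standard library and constructs its own sample archives: the "document" contents, the file name Q3_invoice.xlsm and the vbaProject.bin bytes are placeholders, and the password-protected variant only patches the zip encryption flag rather than encrypting anything, because zipfile cannot write encrypted entries. The check reports whether an attachment is a password-protected archive wrapping an Office document, or an Office document with embedded VBA, the two things a mail-flow hook can see without the password.

```python
import io
import zipfile

# OOXML parts that hold embedded VBA. A legacy .xls (OLE2) stores macros differently
# and is out of scope for this stdlib-only check.
VBA_PARTS = {"xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin"}
OFFICE_EXTS = (".xlsm", ".xlsx", ".xls", ".docm", ".docx", ".doc", ".pptm", ".pptx")


def is_encrypted(info: zipfile.ZipInfo) -> bool:
    """Bit 0 of the zip general-purpose flag marks a password-protected entry."""
    return bool(info.flag_bits & 0x1)


def office_has_vba(data: bytes) -> bool:
    """OOXML documents are zip containers; a vbaProject.bin part means VBA is present."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(name in VBA_PARTS for name in doc.namelist())
    except zipfile.BadZipFile:
        return False


def triage_archive(blob: bytes) -> dict:
    """Inspect an attachment archive the way a mail-flow hook might, without a password."""
    result = {"password_protected": False, "office_files": [], "macro_files": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as outer:
        for info in outer.infolist():
            if is_encrypted(info):
                result["password_protected"] = True
            if info.filename.lower().endswith(OFFICE_EXTS):
                result["office_files"].append(info.filename)
                # Only readable entries can be opened; encrypted ones need the password
                # that the phishing email supplies in its body.
                if not is_encrypted(info) and office_has_vba(outer.read(info.filename)):
                    result["macro_files"].append(info.filename)
    # Either a document we can confirm carries VBA, or one hidden behind a password
    # we do not have, is worth holding for analyst review.
    result["suspicious"] = bool(result["macro_files"]) or (
        result["password_protected"] and bool(result["office_files"])
    )
    return result


# --- constructed samples (placeholders standing in for a real lure, not malware) ---

def build_xlsm(with_vba: bool) -> bytes:
    """Minimal OOXML-shaped container; the vbaProject.bin content is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            doc.writestr("xl/vbaProject.bin", b"placeholder VBA project")
    return buf.getvalue()


def build_outer_archive(inner: bytes, name: str, password_protected: bool) -> bytes:
    """Wrap the document in a zip. zipfile cannot write encrypted entries, so for the
    password-protected variant the encryption flag is patched in by hand: bit 0 of the
    general-purpose flag at offset 6 of the local header and offset 8 of the central
    directory entry. That flag is what a scanner sees; no real encryption is applied."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr(name, inner)
    blob = bytearray(buf.getvalue())
    if password_protected:
        blob[6] |= 0x01                    # the only local file header starts at offset 0
        cd = blob.rfind(b"PK\x01\x02")     # the outer central directory entry is the last one
        blob[cd + 8] |= 0x01
    return bytes(blob)


if __name__ == "__main__":
    lure = build_outer_archive(build_xlsm(True), "Q3_invoice.xlsm", password_protected=True)
    print(triage_archive(lure))
```

The useful property is that the password-protected case is flagged on the archive metadata alone: an Office document you cannot open inside an encrypted archive from an external sender is enough to quarantine for review, without trying to guess the password or unpack the file.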
What makes this particularly interesting is the evolution researchers have observed. A newer version called Flagpro v2.0 can automatically close security dialogs that might alert users to suspicious external connections. The malware is literally designed to hide itself more effectively.
BlackTech has been active since at least 2017, targeting entities in Taiwan, Japan, and Hong Kong. The group appears focused on stealing technology and intellectual property – exactly what you'd expect from a state-sponsored operation.
The targeting of Japanese defence contractors is especially notable given the geopolitical tensions in the region. This isn't random cybercrime. It's strategic espionage.
For organisations in the crosshairs, the advice is familiar but critical. Train employees to recognise phishing attempts, including the password-in-the-email-body pattern used here. Disable macros by default and block them outright in documents that arrive from outside the organisation. Monitor for unusual outbound connections, since Flagpro's first act on a host is to call home. And accept that sophisticated nation-state actors are incredibly difficult to defend against.
The cyber cold war continues apace.
