The TIDRONE group is targeting Taiwanese drone manufacturers for cyber espionage

9 September 2024 | Author: Newsman

TIDRONE, a cybercriminal group believed to be linked to Chinese gangs, has launched a series of cyberattacks on Taiwanese drone manufacturers using specialized malware for espionage purposes.

A new espionage group, TIDRONE, reportedly linked to a Chinese group, has targeted Taiwanese drone manufacturers. According to Trend Micro, the attack was launched in 2024 and aims to obtain sensitive information about military technology. The attackers' main tools are the specialized malware CXCLNT and CLNTEND, which use remote access tools such as UltraVNC to control systems. They use a multi-stage attack chain to elevate privileges, steal credentials, and bypass antivirus protection. Their main goal is to collect sensitive information using a backdoor loaded via a DLL file associated with Microsoft Word.

The TIDRONE group first appeared in early 2024. It is known to use malware, including CXCLNT and CLNTEND, which can steal files and computer information and download additional malware. Analysis of the attacks revealed that all victims used the same ERP software, indicating a possible supply chain attack. The attackers use the TCP, HTTP, HTTPS, TLS, and SMB protocols to transfer data.

The TIDRONE cyber attack on a Taiwanese drone manufacturer is part of a wider trend of cyber espionage in the military technology sector. This incident highlights the need to strengthen cyber defenses and carefully monitor suspicious activity to protect sensitive information from cybercriminals.
