Chinese state-sponsored threat group Tropic Trooper, or KeyBoy, has resurfaced as Earth Centaur. The group is targeting the transportation industry and government agencies associated with that sector. Trend Micro’s researchers split the infection chain into four parts: entry point, first stage, second stage and post-exploitation. The initial entry point is through vulnerable internet information services – or IIS – server and Exchange Server vulnerabilities, which include exploitation of the infamous ProxyLogon vulnerabilities, the researchers say.”]
Source: https://www.cuinfosecurity.com/chinese-apt-rebrands-to-target-transportation-sector-a-18158