An unknown threat actor, capable of evolving and tailoring its toolset to target environments, has infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. The Russian cybersecurity firm termed the ongoing espionage campaign ‘TunnelSnake’. Based on telemetry analysis, fewer than 10 victims around the world have been targeted to date, with the most prominent targets being two large diplomatic entities in Southeast Asia and Africa. The tactics, techniques, and procedures (TTPs) used in the attacks also show that the targeted entities fit the victimology pattern associated with Chinese-speaking adversaries.
Source: https://thehackernews.com/2021/05/new-stealthy-rootkit-infiltrated.html