CoralRaider
Intelligence Profile
CoralRaider is a financially motivated threat actor of Vietnamese origin, targeting victims in Asian and Southeast Asian countries since at least 2023. They use the RotBot loader family and XClient stealer to steal victim information, with hardcoded Vietnamese words in their payloads. CoralRaider operates from Hanoi, Vietnam, and uses a Telegram bot as a C2 channel for their malicious campaigns. Their activities include system reconnaissance, data exfiltration, and targeting victims in multiple countries in the region.
Threat Analysis
CoralRaider is a high-sophistication threat actor attributed to Vietnam, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like CoralRaider prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, CoralRaider is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Known Campaigns
CoralRaider is a financial threat actor attributed to VN. CoralRaider is a financially motivated threat actor of Vietnamese origin, targeting victims in Asian and Southeast Asian countries since at least 2023. They use the RotBot loader family and XClient stealer to steal victim information, with hardcoded Vietnamese words in their payl...