REF2924
Intelligence Profile
A group monitored as REF2924 by Elastic Security Labs is using novel data-stealing malware, an HTTP listener written in C# that the researchers dubbed Naplistener, in attacks against victims operating in southern and southeast Asia. According to a blog post by Elastic senior security research engineer Remco Sprooten, network-based detection and prevention technologies are the de facto method for securing many environments in that region.
Threat Analysis
REF2924 is a threat actor attributed to China and engaged in cyber operations. This profile records its sophistication as "known" and its primary motivation as unknown.
Known Campaigns
REF2924 is an unknown-motivation threat actor attributed to China. A group monitored as REF2924 by Elastic Security Labs is using novel data-stealing malware, an HTTP listener written in C# that the researchers dubbed Naplistener, in attacks against victims operating in southern and southeast Asia. According to a blog post by Elastic senior se...