![Billbug infests government agencies. [Research Saturday]](https://images.musicrad.io/resizer/?image=aHR0cHM6Ly9tZWdhcGhvbmUuaW1naXgubmV0L3BvZGNhc3RzLzU4YWI3YWUwLWRlZjgtMTFlYS1iMzRjLWIzNWIyMDhiMDUzOS9pbWFnZS9kYWlseS1wb2RjYXN0LWNvdmVyLWFydC1jdy5wbmc_aXhsaWI9cmFpbHMtNC4zLjEmbWF4LXc9MzAwMCZtYXgtaD0zMDAwJmZpdD1jcm9wJmF1dG89Zm9ybWF0LGNvbXByZXNz&width=600&signature=Y09Mgt0BNxH8YtVOWDhXSvDqXvs=)
Billbug infests government agencies. [Research Saturday]
Brigid O. Gorman from Symantec's Threat Hunter Team joins Dave to discuss their report "Billbug - State-sponsored Actor Targets Cert Authority and Government Agencies in Multiple Asian Countries." The team has discovered that state-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted.
The research states they believe Billbug, which is a long-established advanced persistent threat (APT) group has been active since about 2009. They say "In activity documented by Symantec in 2019, we detailed how the group was using a backdoor known as Hannotog (Backdoor.Hannotog) and another backdoor known as Sagerunex (Backdoor.Sagerunex). Both these tools were also seen in this more recent activity."
The research can be found here:
Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
-
Heart UK