The extortionists said it would be reduced to $1 million if paid in three days. Crucially, Symantec’s threat researchers observed the use of a custom version of the PlugX backdoor previously deployed ...
PlugX had been an ongoing threat for years, enabling hackers to spy on and exploit their victims. Thanks to this operation, over 4,000 US-based computers are now free of this malware.
The particular PlugX variant, or plug-in, that Symantec observed together with ransomware has previously been linked by researchers from Palo Alto Networks and Trend Micro to a Chinese APT ...
The hackers, dubbed Green Nailao, deployed ShadowPad and PlugX malware, both commonly associated with Chinese cyberespionage groups, as well as a previously undocumented ransomware strain called ...
Specifically, the attack chain entails the use of a legitimate Toshiba executable named "toshdpdb.exe" to sideload a malicious DLL named "toshdpapi.dll," which, in turn, acts as a conduit to load the ...
The toolset includes a legitimate Toshiba executable deployed on the victims’ systems to sideload a malicious DLL that deploys a heavily obfuscated payload containing the PlugX (aka Korplug) backdoor.
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately ...