{"id":17862,"date":"2020-03-02T10:52:30","date_gmt":"2020-03-02T18:52:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/03\/02\/news-11595\/"},"modified":"2020-03-02T10:52:30","modified_gmt":"2020-03-02T18:52:30","slug":"news-11595","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/03\/02\/news-11595\/","title":{"rendered":"VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary"},"content":{"rendered":"<p>PKPLUG is the name used by<em> Palo Alto Networks<\/em>\u2019 <em>Unit 42<\/em> team for a China-based threat actor engaged in cyber espionage. The actor uses both off-the-shelf and custom-made malware and some of its infrastructure overlaps with other threat groups.<\/p>\n<p>The group\u2019s activities were detailed in a VB2019 paper by <em>Unit 42<\/em>\u2019s Alex Hinchliffe, who described the playbook of this long-standing adversary. (A shorter version was published around the same time in a <a href=\"https:\/\/unit42.paloaltonetworks.com\/pkplug_chinese_cyber_espionage_group_attacking_asia\/\" target=\"_blank\">blog post<\/a>.)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"display: block; margin-left: auto; margin-right: auto;\" src=\"https:\/\/www.virusbulletin.com\/files\/cache\/42e4b8516df3decca7e1c929bd0835bd_f4464.png\" alt=\"henbox_auto_execution.png\" width=\"780\" height=\"255\" \/><span class=\"centered-caption\">Automatic execution of the HenBox malware used by the PKPLUG adversary.<\/span><\/p>\n<p>Today we publish Alex&#8217;s paper in both <a title=\"VB2019 paper: Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary\" href=\"https:\/\/www.virusbulletin.com\/virusbulletin\/2020\/03\/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary\/\">HTML<\/a> and <a href=\"https:\/\/www.virusbulletin.com\/uploads\/pdf\/magazine\/2019\/VB2019-Hinchliffe.pdf\" target=\"_blank\">PDF <\/a>format as well as the recording of his VB2019 presentation.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p style=\"text-align: center;\" width=\"100%\" height=\"420\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/kYxpttaXkZ0\" frameborder=\"0\" width=\"100%\" height=\"420\" style=\"\"> <\/iframe><\/p>\n<p>\u00a0<\/p>\n<p><em><em>Have you carried out research that furthers our understanding of the threat landscape? Have you discovered a technique that helps in the analysis of malware? <\/em>The <a title=\"VB2020 call for papers - now open!\" href=\"https:\/\/www.virusbulletin.com\/blog\/2019\/12\/vb2020-call-papers-now-open\/\">Call for Papers<\/a> for VB2020 in Dublin is open! Submit your abstract before <strong>15 March<\/strong> for a chance to make it onto the programme of one of the most international threat intelligence conferences.<\/em><\/p>\n<p>outertext<br \/><a href=\"https:\/\/www.virusbulletin.com\/blog\/2020\/03\/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary\/\" target=\"bwo\" >https:\/\/www.virusbulletin.com\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.virusbulletin.com\/files\/cache\/42e4b8516df3decca7e1c929bd0835bd_f4464.png\"\/><br \/>                                 The activities of China-based threat actor PKPLUG were detailed in a VB2019 paper by Palo Alto Networks researcher Alex Hinchliffe, who described the playbook of this long-standing adversary. Today we publish both Alex&#8217;s paper and the recording of his presentation.                <\/p>\n<p>                 <a href=\"https:\/\/www.virusbulletin.com\/blog\/2020\/03\/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary\/\">Read more<\/a>                                <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[23177,10378,23176],"tags":[],"class_list":["post-17862","post","type-post","status-publish","format-standard","hentry","category-magazine","category-security","category-virusbulletin"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17862"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17862\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17862"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}