WIP19, a Chinese-speaking threat group, has been launching cyberattacks against IT service providers (ITSPs) and telecommunications companies in the Middle East and Asia, according to SentinelLabs, the cybersecurity and threat research arm of SentinelOne.
To carry out the intrusions, WIP19 uses a "legitimate, stolen certificate to sign novel malware, including SQLMaggie, ScreenCap and a credential dumper," the report said.
The resulting intrusions "involved precision targeting and were low in volume," SentinelLabs reported. "Specific user machines were hardcoded as identifiers in the malware deployed, and the malware was not widely proliferated. Further, the targeting of telecommunications and IT service providers in the Middle East and Asia suggests the motive behind this activity is espionage-related. Communications providers are frequent targets of espionage activity due to the kinds and amount of sensitive data they hold."
SentinelOne did not mention how many ITSPs and telecom companies were targeted.
CISA, FBI, UK Repeatedly Issue Cyberattack Warnings to MSPs
CISA, the FBI and UK authorities have repeatedly warned MSPs about cyberattacks targeting them. The latest joint warning, issued in May 2022, included 12 tips to help MSPs reduce their exposure to ransomware.
Separately, Microsoft issued a ransomware cyberattack warning to small businesses and their IT service providers in July 2022.