Political Background
The White House's restart of the tariff war in 2025 is having a drastic impact on the global trade pattern, and a country in Southeast Asia, as an export-oriented economy, is the first to bear the brunt, facing the double pressure of shrinking exports and supply chain restructuring. This political dilemma is particularly evident in cyberspace espionage: in the first half of 2025 the OceanLotus group launched a high-level supply chain attack targeting domestically produced systems and Windows platforms, spying on China's foreign trade policy under the Fifteenth Five-Year Plan in an attempt to find a way to mitigate the trade gap between China and the US. According to the Financial Times, BBC and other media reports, the trade agreement reached between Southeast Asian countries and the United States at the beginning of July did not meet expectations [1], and in order to reduce dependence on a single market, expand diversified supply chains, and open up secondary trade corridors to the EU, the country has recently shifted its strategic attention to Africa [2][3].


It is worth noting that the cyber espionage quietly preceded the political and economic actions before they were in full swing. In early July, the OceanLotus group sent low-level spear-phishing emails targeting China-Africa cooperation units in an attempt to gain intelligence on China-Africa cooperation and pave the way for its subsequent diplomatic visits to Africa.
We recommend that our clients deploy Skyrocker in both office and server areas; with Skyrocker's "Hexagonal" Advanced Threat Defense Engine turned on, it precisely blocks the malicious attachments:

Sample Analysis
The content of the malicious attachment zip file is as follows:

The LNK file launches kyxiang.exe with the argument -verbosity, a "white plus black" (DLL sideloading) component: a legitimate executable that loads the malicious DLL placed alongside it. The decoy document content is as follows; its theme is the future development plan of the China-Africa community of shared destiny:

The main function of libusb-1.0.dll is a loader:

It loads into memory a Rust trojan the group has used before:
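As an added triage example (not code from this report), the following Python parses the StringData of each .lnk inside a zip and flags a shortcut whose target is an executable shipped beside a DLL, the archive layout described above; the archive and LNK bytes are constructed here, not the real sample, and a shortcut that stores its target only in the IDList (no relative path) would need a fuller parser.

```python
import io, struct, zipfile
from typing import Dict, List

# LinkFlags bits from the MS-SHLLINK specification (ShellLinkHeader offset 0x14)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 1 << 0, 1 << 1, 1 << 2
HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 1 << 3, 1 << 4, 1 << 5, 1 << 6, 1 << 7

def parse_lnk(data: bytes) -> Dict[str, str]:
    """Return the StringData fields (relative path, arguments, ...) of a .lnk file."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_ID_LIST:                    # skip LinkTargetIDList (size prefix excludes itself)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                  # skip LinkInfo (size prefix includes itself)
        pos += struct.unpack_from("<I", data, pos)[0]
    out: Dict[str, str] = {}
    width = 2 if flags & IS_UNICODE else 1
    for bit, key in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                     (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"), (HAS_ICON, "icon")):
        if flags & bit:                        # CountCharacters, then the string without terminator
            n = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + n * width]
            out[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + n * width
    return out

def triage_zip(zip_bytes: bytes) -> List[str]:
    """Flag LNK files whose target is an .exe in the same archive next to a .dll (sideload pattern)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n.lower() for n in zf.namelist()]
        dlls = [n for n in names if n.endswith(".dll")]
        for name in zf.namelist():
            if not name.lower().endswith(".lnk"):
                continue
            info = parse_lnk(zf.read(name))
            target = info.get("relative_path", "").replace("\\", "/").split("/")[-1].lower()
            if target.endswith(".exe") and target in names and dlls:
                findings.append(f"{name}: launches {target} {info.get('arguments', '')!r} "
                                f"with sideload candidates {dlls}")
    return findings

def build_sample_zip() -> bytes:
    """Constructed stand-in for the lure archive (placeholder bytes, not the real sample)."""
    hdr = struct.pack("<I16sI", 0x4C, bytes(16), HAS_REL_PATH | HAS_ARGS | IS_UNICODE) + bytes(0x4C - 24)
    def s(text: str) -> bytes: return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Plan.docx.lnk", hdr + s(".\\kyxiang.exe") + s("-verbosity"))
        zf.writestr("kyxiang.exe", b"MZ"); zf.writestr("libusb-1.0.dll", b"MZ")
    return buf.getvalue()
```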

As for the OceanLotus group's supply chain activities targeting localized platforms, we will disclose them to the open source community at an appropriate time.
Summary
Currently, the full product line built on threat intelligence data from the Qi'anxin Threat Intelligence Center, including the Qi'anxin Threat Intelligence Platform (TIP), SkyRock, the SkyEye Advanced Threat Detection System, Qi'anxin NGSOC, Qi'anxin Situational Awareness, and others, already supports accurate detection of such attacks.

IOC
MD5:
15ba59eda9b2520498fe81c1ac469aa2
f758c20f1badff36a8b423c2fda2192a
C2:
198.199.85.83:80 (expired)
Reference Links
[1]. https://www.bbc.com/zhongwen/articles/cly8e40ekmyo/simp
[2]. https://vovworld.vn/vi-VN/binh-luan/viet-nam-tang-cuong-hop-tac-voi-cac-quoc-gia-chau-phi-tich-cuc-dong-gop-giai-quyet-cac-van-de-toan-cau-1409722.vov
[3]. https://en.vietnamplus.vn/vietnam-a-dynamic-development-partner-for-africa-post323152.vnp