Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

The threat intelligence and incident response firm said that the attacks led to the deployment of three new malware families dubbed MISTCLOAK, DARKDEW, BLUEHAZE, and Ncat, the latter of which is a command-line networking utility that's used to create a reverse shell on the victim system. A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September 2021.