
Operation PZCHAO

BSidesSF · 2019 · 18:31 · 270 views · Published 2019-03
Style: Talk
About this talk
Cyber-attacks are growing in complexity as threat actors divide payloads into multiple modules with highly specialized uses to achieve a target's compromise. The past few years have seen high-profile cyber-attacks shift from damaging the targets' digital infrastructures to stealing highly sensitive data, silently monitoring the victim, and constantly laying the ground for a new wave of attacks. This is also the case with a custom-built piece of malware that we have been monitoring for several months as it wreaked havoc in Asia by targeting a number of high-profile institutions. Our threat intelligence systems picked up the first indicators of compromise in July last year, and we have dissected the malware to better understand its capabilities, its communication techniques, and ultimately its impact on the victim's data.