The Cycldek APT (Advanced Persistent Threat) was first spotted by malware analysts in 2018. However, after studying the campaigns carried out by the Cycldek group, it became evident that the APT has likely been active since 2014. Most of the campaigns of the Cycldek group are carried out in South East Asia. The hacking group tends to go after high-profile politicians and important government bodies. The Cycldek hacking group has a wide variety of hacking tools at its disposal. This APT uses both hacking tools and legitimate software in its campaigns; the latter technique is referred to as living off the land. In one of their latest operations, the Cycldek group revealed a very impressive piece of malware called USBCulprit. This high-end hacking tool is designed to infiltrate air-gapped systems and steal classified information and documents.
Cybersecurity researchers believe that the Cycldek hacking group originates from China. Most of the targets of the Cycldek APT are located in South East Asia – Vietnam, Laos and Thailand. However, occasionally, the Cycldek group also targets government institutions and officials in other South East Asian countries.
Among the most well-known hacking tools of the Cycldek APT is the NewCore RAT (Remote Access Trojan). The Cycldek hacking group has used the NewCore RAT as the basis for two other threats. One of the hacking tools based on the NewCore RAT has been dubbed BlueCore RAT; the other NewCore RAT-based piece of malware was labeled RedCore RAT.
As we mentioned, the Cycldek APT relies not only on custom-built malware but also on publicly available hacking tools. Some of the publicly available threats utilized by the Cycldek hacking group are:
- JsonCookies – This tool collects cookies from Chromium-based Web browsers via SQLite databases.
- HDoor – A backdoor Trojan that has been around for quite a while and is often used by Chinese hacking groups.
- ChromePass – An infostealer that collects login credentials from Chromium-based Web browsers.
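Both JsonCookies and ChromePass read the SQLite files in which Chromium-based browsers keep cookies and saved logins, which gives defenders a simple detection hook: only the browser itself should normally open those files. The script below is an added example written for this page, not code from the original article or from any Cycldek tool. It parses a few constructed file-access log lines (the `user=... proc="..." op=... path="..."` format and every process name and path in them are assumptions made up for the example, not a real product's schema) and flags any non-browser process that opens, reads or copies a Chromium `Cookies` or `Login Data` store.

```python
"""Flag non-browser processes touching Chromium cookie/credential SQLite stores."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Chromium keeps cookies and saved logins in SQLite files with these names under
# the profile directory ("...\User Data\<Profile>\"), which is what tools like
# JsonCookies and ChromePass read.
CHROMIUM_STORE_NAMES = {"cookies", "login data"}
# Browser images that are expected to open their own stores (assumed list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}


@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    proc: str
    op: str
    path: str


@dataclass(frozen=True)
class Finding:
    event: Event
    reason: str


# Assumed log format (constructed for this example):
#   <timestamp> user=<name> proc="<image path>" op=<open|read|copy> path="<file>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+proc="(?P<proc>[^"]+)"\s+'
    r'op=(?P<op>\S+)\s+path="(?P<path>[^"]+)"\s*$'
)


def parse_event(line: str) -> Optional[Event]:
    """Parse one log line; malformed lines yield None rather than a bad event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(m["ts"], m["user"], m["proc"], m["op"], m["path"])


def is_chromium_store(path: str) -> bool:
    """True if path is a Cookies / Login Data file inside a Chromium profile."""
    parts = path.replace("\\", "/").lower().split("/")
    # Require the "User Data" marker so a stray file merely named "Cookies"
    # somewhere else does not trigger.
    return "user data" in parts and parts[-1] in CHROMIUM_STORE_NAMES


def classify(event: Event) -> Optional[Finding]:
    """Return a Finding when a non-browser process accesses a Chromium store."""
    if not is_chromium_store(event.path):
        return None
    image = event.proc.replace("\\", "/").lower().rsplit("/", 1)[-1]
    if image in BROWSER_PROCESSES:
        return None  # the browser itself is expected to touch its own stores
    return Finding(event, f"non-browser process {image} did '{event.op}' on Chromium store")


def find_suspicious(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        finding = classify(ev)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample telemetry; none of these process or user names are real IoCs.
SAMPLE_LOG = [
    r'2024-01-01T09:00:01Z user=alice proc="C:\Program Files\Google\Chrome\Application\chrome.exe" op=open path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"',
    r'2024-01-01T09:00:07Z user=alice proc="C:\Users\alice\AppData\Local\Temp\svc_helper.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"',
    r'2024-01-01T09:00:09Z user=alice proc="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" op=copy path="C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"',
    r'2024-01-01T09:00:12Z user=alice proc="C:\Windows\System32\notepad.exe" op=open path="C:\Users\alice\Documents\Cookies"',
    "this line is deliberately malformed",
    r'2024-01-01T09:00:15Z user=alice proc="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" op=read path="C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"',
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f.event.ts} {f.event.user}: {f.reason} ({f.event.path})")
```

Run as-is, the script reports the two constructed events in which a temporary-directory executable reads the Chrome cookie store and PowerShell copies the Edge login store; the browser's own accesses and the unrelated `Documents\Cookies` file are ignored. In a real deployment the browser allow-list would be keyed on a verified image path or signer rather than the bare file name, since a tool can trivially name itself `chrome.exe`.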
Evidently, the Cycldek hacking group is very experienced in the field of cybercrime. To avoid detection by malware analysts and security tools, the Cycldek APT makes sure to update its hacking tools regularly.