Security
Headlines
HeadlinesLatestCVEs

Headline

'TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers

The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally.

DARKReading
#auth

Source: ZUMA Press, Inc. via Alamy Stock Photo

A threat actor dubbed “TIDrone” by researchers is actively going after military- and satellite-related industrial supply chains, particularly drone manufacturers in Taiwan.

That’s according to Trend Micro, which linked TIDrone to other Chinese-speaking groups and noted that it uses enterprise resource planning (ERP) software or remote desktop tools to deploy advanced, proprietary malware.

“Since the beginning of 2024, we have been receiving incident response cases from Taiwan,” according to an analysis from the firm. "[However], telemetry from VirusTotal indicates that the targeted countries are varied; thus, everyone should stay vigilant of this threat."

The specialized toolsets include “CXCLNT,” which can upload and download files, collect victim information such as file listings and computer names, and comes complete with stealth capabilities. Another weapon is “CLNTEND,” a remote access tool (RAT) first seen last April that supports a wide range of network protocols for communication.

Once TIDrone has compromised a target, it deploys user account control (UAC) bypass techniques, credential dumping, and hacktool usage to disable antivirus products, according to the analysis.

“The threat actors have consistently updated their arsenal and optimized the attack chain,” the researchers noted. “Notably, anti-analysis techniques are employed in their loaders, such as verifying the entry point address from the parent process and hooking widely used application programming interfaces (APIs) like GetProcAddress to alter the execution flow.”

About the Author

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

DARKReading: Latest News

Too Much 'Trust,' Not Enough 'Verify'