The Chinese nation-state group known as Camaro Dragon has been linked to yet another backdoor, this one designed to serve its intelligence-gathering goals.
Check Point, the company behind the malware report, said the backdoor functions as a first-stage payload capable of basic machine enumeration and command execution via PowerShell or goroutines.
Camaro Dragon also overlaps with a threat actor known as Mustang Panda, a state-sponsored group from China that is known to have been active since at least 2012.
The TinyNote backdoor is distributed using names related to foreign affairs and likely targets Southeast and East Asian embassies.
It demonstrates Camaro Dragon's targeted approach and the research the group carries out before inserting the backdoor into a victim's system.
Check Point also warns that the group spares no effort in designing these backdoors.