The security vendor, which discovered the new threat actor group in early April 2024, said the attacks advertise popular software such as Google Chrome, LetsVPN, QuickVPN, and a Simplified Chinese language pack for Telegram in order to distribute Winos. Alternate attack chains leverage backdoored installers propagated on Chinese-language-themed Telegram channels.
The links surfaced via black hat SEO tactics point to dedicated infrastructure set up by the adversary to stage the installers in the form of ZIP archives. For attacks targeting Telegram channels, the MSI installers and ZIP archives are directly hosted on the messaging platform.
Void Arachne is an advanced persistent threat (APT) that has been active since at least 2014, targeting government agencies and organizations in various countries including China, Russia, Iran, North Korea, Syria, and Venezuela. The group's primary objective appears to be theft of sensitive information for espionage purposes. Void Arachne is known for its sophisticated tactics such as social engineering, spear-phishing attacks, malware distribution through email attachments or links in emails, and use of zero-day vulnerabilities. The group has been linked to several high-profile cyberattacks including the attack on Sony Pictures Entertainment in 2014 and the hacking of the Democratic National Committee (DNC) during the US presidential election campaign in 2016.
Techniques, tactics and practices:
Void Arachne is an advanced persistent threat that has been active since at least 2014. The group's primary objective appears to be theft of sensitive information for espionage purposes, and it is known for sophisticated tactics such as social engineering, spear-phishing attacks, malware distribution through email attachments or links in emails, and use of zero-day vulnerabilities. The group has been linked to several high-profile cyberattacks including the attack on Sony Pictures Entertainment in 2014 and the hacking of the Democratic National Committee (DNC) during the US presidential election campaign in 2016.
Alternate Group Names
Void Arachne
