The Unfading Sea Haze Group Sets Sights on South China Sea Nations


Analysis of Cyber Threat Actor ‘Unfading Sea Haze’ Targeting South China Sea Organizations

A new cyber threat actor, known as ‘Unfading Sea Haze’, has been targeting organizations in the South China Sea region since 2018, remaining undetected for over five years. Researchers have linked the group’s operations to Chinese geopolitical interests in the region, with tactics similar to known Chinese state-sponsored threat actors.

The group’s modus operandi includes spear-phishing emails with malicious attachments, obfuscated PowerShell commands, and the use of custom-developed malware and publicly available tools for data theft. Unfading Sea Haze also utilizes commercial Remote Monitoring and Management (RMM) tools to establish a foothold on compromised networks.

Of particular concern is the group’s ability to regain access to previously compromised systems, highlighting the importance of strong credential hygiene and patching practices within organizations. Researchers have identified similarities between Unfading Sea Haze and APT41, another Chinese threat actor, in terms of tooling and attack techniques.

To combat this sophisticated threat, researchers recommend a comprehensive security approach, including vulnerability management, strong authentication measures, network segmentation, traffic monitoring, and effective logging. They have also shared indicators of compromise (IOCs) for detection and mitigation purposes.

As cyber attackers continue to evolve their tactics, organizations must stay vigilant and proactive in safeguarding their networks against such advanced threats. The ongoing efforts of Unfading Sea Haze to adapt and innovate their toolkit emphasize the need for constant vigilance in the face of cyber threats.
