Several new attack campaigns that make use of China Chopper have come to light in the past two years. Various threat actor groups are using the web shell to launch different cyberespionage campaigns, including the ‘Operation Soft Cell’ campaign, which was carried out against telecommunication providers. Researchers note that the use of China Chopper in the massive ‘Operation Soft Cell’ campaign indicates that the tool remains active and popular among cybercriminals even nine years after its discovery.
What is China Chopper?
China Chopper is a web shell that allows malicious actors to remotely control a target system. According to researchers from Cisco Talos, it uses a “client-side application that contains all the logic required to control the target.”
The tool has been used by some state-sponsored actors such as Leviathan and Threat Group-3390.
Espionage campaigns linked to China Chopper
Cisco Talos researchers identified a couple of espionage campaigns linked to China Chopper.
Although China Chopper is an old tool, it still holds a significant place among the attack tools used by threat actors. Researchers claim that usage of the tool is likely to increase in the future.