TIDrone Cyberattackers Target Taiwan’s Drone Manufacturers

A threat actor known as “TIDrone” is actively targeting military- and satellite-related industrial supply chains, particularly drone manufacturers in Taiwan. According to Trend Micro, this Chinese-speaking group uses enterprise resource planning (ERP) software or remote desktop tools to deploy advanced malware.

The researchers noted that they have been receiving incident response cases from Taiwan since the beginning of 2024, and warned everyone to stay vigilant against this threat. The group's specialized toolsets include “CXCLNT,” which can upload and download files and collect victim information, and which comes with stealth capabilities. Another weapon is “CLNTEND,” a remote access tool (RAT) that supports various network protocols.

Once TIDrone has compromised a target, it employs user account control (UAC) bypass techniques, credential dumping, and hacktool usage to disable antivirus products. The threat actors have consistently updated their arsenal and optimized the attack chain, employing anti-analysis techniques in their loaders.
Source: https://www.darkreading.com/ics-ot-security/tidrone-cyberattackers-taiwan-drone-manufacturers