A China-based advanced persistent threat (APT) campaign has been targeting European government entities focused on foreign and domestic policies, according to research by Check Point.
The campaign, dubbed SmugX, uses HTML smuggling, a technique in which attackers hide malicious payloads inside HTML documents.
Active since December 2022, the campaign is likely a direct continuation of a previously reported campaign attributed to RedDelta and the Mustang Panda group, according to the Check Point report.
Campaign targeting European embassies
Check Point said it has been tracking the Chinese threat actor for two months and has concluded that it is targeting foreign and domestic policy entities as well as embassies in Europe.
“Combined with other Chinese based group’s activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift in target towards European entities, with a focus on their foreign policy,” the report added.
Apart from the UK, the campaign appears to be focused on Eastern European countries, including the Czech Republic, Slovakia, and Hungary. The goal of the campaign, according to Check Point’s assessment, is to “get a hold of sensitive information on the foreign policies of those countries.”