Operation Jacana, a cyber espionage campaign, has recently been uncovered. This targeted attack focused on a governmental entity in Guyana and was carried out by Chinese state-sponsored cyber attackers.
The attackers utilized spear-phishing emails that referenced Guyanese public and political affairs to gain unauthorized access to the internal network. Once inside, they deployed a previously unknown backdoor called DinodasRAT. This sophisticated malware has the capability to exfiltrate files, manipulate Windows registry keys, and execute commands. To conceal their activities, DinodasRAT encrypts information using the Tiny Encryption Algorithm and sends it to a command and control server. The attackers also employed the Korplug backdoor and the SoftEther VPN client.
ESET, a leading cybersecurity company, has attributed this campaign to a Chinese advanced persistent threat (APT) group based on the use of the Korplug RAT, which is commonly associated with China-aligned cyber threat groups. It is believed that the attack on the Guyanese governmental entity may be a response to recent tensions between Guyana and China. Additionally, the attackers compromised a Vietnamese governmental entity to host their malware samples.
The Operation Jacana cyber espionage campaign has significant implications. It highlights the increasing sophistication of state-sponsored cyber attackers and their ability to target specific governmental entities. To mitigate such attacks, organizations must enhance their cybersecurity measures and remain vigilant against spear-phishing attempts. Furthermore, this incident underscores the need for international cooperation in addressing cyber threats and resolving geopolitical tensions that can fuel such attacks.