Palo Alto’s Unit 42 security group has discovered a new malware family called Reaver, linked to a Chinese espionage group that is also known for using SunOrcal malware.
The attackers have been using the new Reaver malware family since late 2016, along with SunOrcal malware, which has activity going back to 2010.
According to the report, the final payload is a unique form of CPL (Control Panel item) file, a technique rarely used by malware.
The group has used Reaver and SunOrcal concurrently from late last year through November this year, with some C2 infrastructure overlap between the two families.