Since last year, we have been following a threat that we refer to as NanHaiShu, which is a Remote Access Trojan. The threat actors behind this malware target government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea. Hence the name nán hǎi shǔ (南海鼠), which means South China Sea rat.

Based on our observations, the timing of the attacks indicated political motivation: they occurred either within a month following notable news reports related to the dispute, or within a month leading up to publicly known political events featuring the issue.

Timeline of events

The white paper is a culmination of our research to understand the motivation behind NanHaiShu. To learn more about our analysis and other interesting details, please read our white paper.

