A ‘FunnyDream’ From China

Uploaded on 2020-11-27 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A state-sponsored Chinese hacking  group named FunnyDream has been using malware to attack hundreds of hotel network systems in Southeast Asia. The malware infections are part of a widespread espionage campaign, according to a report published recently by the experts a Bitdefender

The attacks have primarily targeted Southeast Asian government and private sector organisations and to date around 200 machines have been identified  as showing signs of infection with tools associated with this group. 

A previous  report published by another leading security firm Kaspersky Lab, has identified FunnyDream targets in Malaysia, Taiwan, the Philippines and Vietnam. 

When investigating the FunnyDream group, Bitdfender compiled an attack timeline of how the tools were used when compromising a machine. After piecing all the forensic evidence together, the timeline paints a picture of how all the tools found are tied to each other, serving as a detailed case study into dissecting an APT-style attack. 

Many of the phishing launched by cyber criminals this year have been trying to exploit fears about Coronavirus. The list of attackers includes threat actors such as Kimusky and Lazarus  who are understood to have used COVID-19-themed lures to target their victims. 

While the malware cannot be conclusively attributed to any particular threat actor it might be related to the same group behind the DarkHotel hacking exploit, first  identified by Kaspersky in 2015.

Both Bitdefender and Kaspersky say the group is still active and appears to be primarily interested in spying and data theft, concentrating on stealing sensitive documents from infected hosts, with a special focus on national security and industrial espionage.

FunnyDream operate spear phishing campaigns using highly advanced zero-day exploits that  are effective in getting around the latest Windows and Adobe defences. Their favoured method is to penetrate upscale hotel networks to follow and hit selected targets as they travel around the world. 

These travelers are often top executives from a variety of industries doing business and outsourcing operations in the APAC region. Victims have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff. and the hotel network intrusion format provides the attackers with precise global scale access to high value targets. 

Bitdefender:   Kaspersky SecureList:     ZD Net:      Kaspersky SecureList

You Might Also Read:  

The Risks Of Remote Working

 

« Cyber Security Has Become Critical For National Security
NCSC Come Off Bench To Help Manchester United »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

Open Cloud Factory

Open Cloud Factory

Open Cloud Factory is a European based security company, that strives to ease the pressure on IT managers, by providing tools to implement your Security Strategy in an effective and easy manner.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

Global Cyber Risk (GCR)

Global Cyber Risk (GCR)

Global Cyber Risk is a technology and advisory services firm that provides first tier cybersecurity services to both large corporations and small and mid-sized businesses.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

senhasegura

senhasegura

senhasegura is a global Privileged Access Management vendor. Our mission is to eliminate privilege abuse in organizations around the globe and build digital sovereignty.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.