A ‘FunnyDream’ From China

Uploaded on 2020-11-27 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A state-sponsored Chinese hacking  group named FunnyDream has been using malware to attack hundreds of hotel network systems in Southeast Asia. The malware infections are part of a widespread espionage campaign, according to a report published recently by the experts a Bitdefender

The attacks have primarily targeted Southeast Asian government and private sector organisations and to date around 200 machines have been identified  as showing signs of infection with tools associated with this group. 

A previous  report published by another leading security firm Kaspersky Lab, has identified FunnyDream targets in Malaysia, Taiwan, the Philippines and Vietnam. 

When investigating the FunnyDream group, Bitdfender compiled an attack timeline of how the tools were used when compromising a machine. After piecing all the forensic evidence together, the timeline paints a picture of how all the tools found are tied to each other, serving as a detailed case study into dissecting an APT-style attack. 

Many of the phishing launched by cyber criminals this year have been trying to exploit fears about Coronavirus. The list of attackers includes threat actors such as Kimusky and Lazarus  who are understood to have used COVID-19-themed lures to target their victims. 

While the malware cannot be conclusively attributed to any particular threat actor it might be related to the same group behind the DarkHotel hacking exploit, first  identified by Kaspersky in 2015.

Both Bitdefender and Kaspersky say the group is still active and appears to be primarily interested in spying and data theft, concentrating on stealing sensitive documents from infected hosts, with a special focus on national security and industrial espionage.

FunnyDream operate spear phishing campaigns using highly advanced zero-day exploits that  are effective in getting around the latest Windows and Adobe defences. Their favoured method is to penetrate upscale hotel networks to follow and hit selected targets as they travel around the world. 

These travelers are often top executives from a variety of industries doing business and outsourcing operations in the APAC region. Victims have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff. and the hotel network intrusion format provides the attackers with precise global scale access to high value targets. 

Bitdefender:   Kaspersky SecureList:     ZD Net:      Kaspersky SecureList

You Might Also Read:  

The Risks Of Remote Working

 

« Cyber Security Has Become Critical For National Security
NCSC Come Off Bench To Help Manchester United »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

Blackwell Security

Blackwell Security

Blackwell is a driving force in healthcare cybersecurity, transforming how security operations are conducted within this critical sector.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.

Anthropic

Anthropic

Anthropic is a Public Benefit Corporation, whose purpose is the responsible development and maintenance of advanced AI for the long-term benefit of humanity.