APT Hackers Turn On China

State-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic.

An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies.

Attacks began in March and are believed to be related to the current coronavirus outbreak. Chinese security firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in servers that are used to provide remote access to enterprise and government networks. Qihoo discovered more than 200 VPN servers that had been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and on the networks of Chinese diplomatic missions operating abroad.

In their recent report, Qihoo researchers said the entire attack chain was sophisticated. Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a booby-trapped version. This file is an update for the Sangfor VPN desktop app, which employees install on their computers to connect to Sangfor VPN servers, and through them to their work networks.

Qihoo researchers said that when workers connected to hacked Sangfor VPN servers, they were offered an automatic update for their desktop client but received the booby-trapped SangforUD.exe file, which then installed a backdoor Trojan on their devices.
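The update swap described above is the classic supply-chain weakness of a client that trusts integrity data served by the same host it downloads from. The following is an added illustration, not code from Sangfor, Qihoo 360 or the original article, and it makes no claim about how the real client validates updates: it models a client that only checks a server-advertised hash beside one that pins the vendor's Ed25519 public key, and shows that a compromised server fools the first but not the second. The key, installer bytes and hashes are all constructed in the block.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Update is what the desktop client fetches from the VPN server: the installer
// bytes plus whatever integrity data the server chooses to send with them.
type Update struct {
	Payload   []byte   // constructed stand-in for the SangforUD.exe bytes
	ServerSHA [32]byte // hash advertised by the same server (attacker-controlled)
	Signature []byte   // detached Ed25519 signature over Payload
}

// acceptByServerHash: client only checks the hash the server advertises.
// A compromised server simply republishes a hash for the swapped file.
func acceptByServerHash(u Update) bool {
	return sha256.Sum256(u.Payload) == u.ServerSHA
}

// acceptBySignature: client pins the vendor public key at build time, so a
// server that lacks the vendor's private key cannot sign a swapped file.
func acceptBySignature(u Update, vendorPub ed25519.PublicKey) bool {
	return ed25519.Verify(vendorPub, u.Payload, u.Signature)
}

// tamper models the server-side swap described in the article: replace the
// installer, republish a matching hash, keep the old signature.
func tamper(u Update, evil []byte) Update {
	return Update{Payload: evil, ServerSHA: sha256.Sum256(evil), Signature: u.Signature}
}

// demo builds a constructed genuine update, tampers with it, and returns each
// client strategy's verdict on the tampered file (hash-only, pinned-key).
func demo() (hashOnlyAccepts, pinnedKeyAccepts bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	genuine := []byte("constructed stand-in for the genuine installer")
	good := Update{Payload: genuine, ServerSHA: sha256.Sum256(genuine), Signature: ed25519.Sign(priv, genuine)}
	bad := tamper(good, []byte("constructed stand-in for a backdoored installer"))
	return acceptByServerHash(bad), acceptBySignature(bad, pub)
}

func main() {
	h, s := demo()
	fmt.Printf("tampered update accepted? hash-only=%v pinned-key=%v\n", h, s)
}
```

The same pinned-key check also rejects a genuine-looking file whose signature was stripped or re-signed with any key other than the vendor's.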

The Chinese security firm said it tracked the attacks to a hacker group known as Darkhotel. The group is believed to operate out of the Korean peninsula, although it is not yet known whether it is based in North or South Korea. The group, which has been operating since 2007, is considered one of today's most sophisticated state-sponsored hacking operations.

What Is Darkhotel?
Darkhotel is an advanced persistent threat gang that operates from East Asia and is behind a long-running series of cyberespionage-focused campaigns against corporate executives, government agencies, defense industry, electronics industry and other important sectors. Its footprints in the cyber realm are all over China, North Korea, Japan, Myanmar, Russia and other countries. Their operations can be traced back to as early as 2007.

This is not the first time that Darkhotel has launched an attack on China. Earlier, Qihoo 360 had captured two zero-day exploits used by this Peninsula APT gang to target the Chinese government's commercial agencies when Microsoft ended Windows 7 support.

Sources: Qihoo360, Kaspersky, ZDNet, CyberScoop, The CyberWire

