APT Hackers Turn On China

Uploaded on 2020-04-15 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

State-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic.

An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies.

Attacks began in March and are believed to be related to the current coronavirus outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in servers that are used to provide remote access to enterprise and government networks. Qihoo discovered more than 200 VPN servers that have been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad. India

In their recent report Qihoo researchers said the entire attack chain was sophisticated. Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a booby trapped version. This file is an update for the Sangfor VPN desktop app, which employees install on their computers to connect to Sangfor VPN servers, and inherently to their work networks.

Qihoo researchers said that when workers connected to hacked Sangfor VPN servers, they were provided with an automatic update for their desktop client, but received the booby trapped SangforUD.exe file, which later installed a backdoor Trojan on their devices.

The Chinese security firm said it tracked the attacks to a hacker group known as Darkhotel. The group is believed to operate out of the Korean peninsula, although it is yet unknown if they are based in North or South Korea.The group, which has been operating since 2007, is considered one of today's most sophisticated state-sponsored hacking operations.

What Is Darkhotel?
Darkhotel is an advanced persistent threat gang that operates from East Asia and is behind a long-running series of cyberespionage-focused campaigns against corporate executives, government agencies, defense industry, electronics industry and other important sectors. Its footprints in the cyber realm are all over China, North Korea, Japan, Myanmar, Russia and other countries. Their operations can be traced back to as early as 2007.

This is not the first time that Darkhotel launches an attack on China. Earlier, Qihoo 360 had captured two 0day exploits used by this Peninsula APT gang to target Chinese government’s commercial agencies when Microsoft ended Windows 7 support.

Qihoo360:          Kaspersky:      ZDNet:            CyberScoop:       The CyberWire:      


You Might Also Read: 
 

Darkhotel Deploys Zero-Day From Hacking Team:

« No, 5G Does Not Spread Coronavirus
Pandemic Prevention Using Blockchain »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

BLOCKO

BLOCKO

BLOCKO is a blockchain specialized technology company that has experienced and achieved the largest amount of business in South Korea.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

TheHive Project

TheHive Project

TheHive Project is a Scalable, Open Source and Free Security Incident Response Platform for SOC, CSIRT and CERT teams.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

Reveald

Reveald

Reveald is making Exposure Management a reality to solve the biggest challenges in cybersecurity with a trailblazing ‘offense to defense’ approach that gives the advantage back to the business.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.