APT Hackers Turn On China

Uploaded on 2020-04-15 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

State-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic.

An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies.

Attacks began in March and are believed to be related to the current coronavirus outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in servers that are used to provide remote access to enterprise and government networks. Qihoo discovered more than 200 VPN servers that have been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad. India

In their recent report Qihoo researchers said the entire attack chain was sophisticated. Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a booby trapped version. This file is an update for the Sangfor VPN desktop app, which employees install on their computers to connect to Sangfor VPN servers, and inherently to their work networks.

Qihoo researchers said that when workers connected to hacked Sangfor VPN servers, they were provided with an automatic update for their desktop client, but received the booby trapped SangforUD.exe file, which later installed a backdoor Trojan on their devices.

The Chinese security firm said it tracked the attacks to a hacker group known as Darkhotel. The group is believed to operate out of the Korean peninsula, although it is yet unknown if they are based in North or South Korea.The group, which has been operating since 2007, is considered one of today's most sophisticated state-sponsored hacking operations.

What Is Darkhotel?
Darkhotel is an advanced persistent threat gang that operates from East Asia and is behind a long-running series of cyberespionage-focused campaigns against corporate executives, government agencies, defense industry, electronics industry and other important sectors. Its footprints in the cyber realm are all over China, North Korea, Japan, Myanmar, Russia and other countries. Their operations can be traced back to as early as 2007.

This is not the first time that Darkhotel launches an attack on China. Earlier, Qihoo 360 had captured two 0day exploits used by this Peninsula APT gang to target Chinese government’s commercial agencies when Microsoft ended Windows 7 support.

Qihoo360:          Kaspersky:      ZDNet:            CyberScoop:       The CyberWire:      


You Might Also Read: 
 

Darkhotel Deploys Zero-Day From Hacking Team:

« No, 5G Does Not Spread Coronavirus
Pandemic Prevention Using Blockchain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

Multitel

Multitel

Multitel is an independent research centre. We develop and integrate emerging technologies into the industrial fabric at the regional and international levels.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Sterling Information Technologies

Sterling Information Technologies

Sterling is an information security, operational risk consulting and advisory group. Our Advisory services help to safeguard information assets while supporting business operations.

Nihka Technology Group

Nihka Technology Group

Nihka offers full end-to-end ICT solutions from business optimisation, data centre modernisation, cloud connection and management, and ICT security.

8kSec

8kSec

8kSec is a cybersecurity company specializing in training, consulting, and research.