A ‘FunnyDream’ From China

Uploaded on 2020-11-27 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A state-sponsored Chinese hacking  group named FunnyDream has been using malware to attack hundreds of hotel network systems in Southeast Asia. The malware infections are part of a widespread espionage campaign, according to a report published recently by the experts a Bitdefender

The attacks have primarily targeted Southeast Asian government and private sector organisations and to date around 200 machines have been identified  as showing signs of infection with tools associated with this group. 

A previous  report published by another leading security firm Kaspersky Lab, has identified FunnyDream targets in Malaysia, Taiwan, the Philippines and Vietnam. 

When investigating the FunnyDream group, Bitdfender compiled an attack timeline of how the tools were used when compromising a machine. After piecing all the forensic evidence together, the timeline paints a picture of how all the tools found are tied to each other, serving as a detailed case study into dissecting an APT-style attack. 

Many of the phishing launched by cyber criminals this year have been trying to exploit fears about Coronavirus. The list of attackers includes threat actors such as Kimusky and Lazarus  who are understood to have used COVID-19-themed lures to target their victims. 

While the malware cannot be conclusively attributed to any particular threat actor it might be related to the same group behind the DarkHotel hacking exploit, first  identified by Kaspersky in 2015.

Both Bitdefender and Kaspersky say the group is still active and appears to be primarily interested in spying and data theft, concentrating on stealing sensitive documents from infected hosts, with a special focus on national security and industrial espionage.

FunnyDream operate spear phishing campaigns using highly advanced zero-day exploits that  are effective in getting around the latest Windows and Adobe defences. Their favoured method is to penetrate upscale hotel networks to follow and hit selected targets as they travel around the world. 

These travelers are often top executives from a variety of industries doing business and outsourcing operations in the APAC region. Victims have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff. and the hotel network intrusion format provides the attackers with precise global scale access to high value targets. 

Bitdefender:   Kaspersky SecureList:     ZD Net:      Kaspersky SecureList

You Might Also Read:  

The Risks Of Remote Working

 

« Cyber Security Has Become Critical For National Security
NCSC Come Off Bench To Help Manchester United »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Kiteworks

Kiteworks

Kiteworks (formerly Accellion) creates a dedicated Private Content Network that ensures zero-trust private content protection and compliance.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

RAH Infotech

RAH Infotech

RAH Infotech is India’s leading value added distributor and solutions provider in the Network and Security domain. We are specialists in Enterprise and App Security and Application Delivery.