A ‘FunnyDream’ From China

A state-sponsored Chinese hacking group named FunnyDream has been using malware to attack hundreds of hotel network systems in Southeast Asia. The malware infections are part of a widespread espionage campaign, according to a report published recently by the experts at Bitdefender.

The attacks have primarily targeted Southeast Asian government and private sector organisations, and to date around 200 machines have been identified as showing signs of infection with tools associated with this group.

A previous report published by another leading security firm, Kaspersky Lab, has identified FunnyDream targets in Malaysia, Taiwan, the Philippines and Vietnam.

When investigating the FunnyDream group, Bitdefender compiled an attack timeline of how the tools were used when compromising a machine. After piecing all the forensic evidence together, the timeline paints a picture of how all the tools found are tied to each other, serving as a detailed case study into dissecting an APT-style attack.

Many of the phishing attacks launched by cyber criminals this year have been trying to exploit fears about Coronavirus. The list of attackers includes threat actors such as Kimsuky and Lazarus, who are understood to have used COVID-19-themed lures to target their victims.

While the malware cannot be conclusively attributed to any particular threat actor, it might be related to the same group behind the DarkHotel hacking exploit, first identified by Kaspersky in 2015.

Both Bitdefender and Kaspersky say the group is still active and appears to be primarily interested in spying and data theft, concentrating on stealing sensitive documents from infected hosts, with a special focus on national security and industrial espionage.

FunnyDream operate spear-phishing campaigns using highly advanced zero-day exploits that are effective in getting around the latest Windows and Adobe defences. Their favoured method is to penetrate upscale hotel networks to follow and hit selected targets as they travel around the world.

These travelers are often top executives from a variety of industries doing business and outsourcing operations in the APAC region. Victims have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff, and the hotel network intrusion format provides the attackers with precise, global-scale access to high-value targets.

Sources: Bitdefender, Kaspersky SecureList, ZD Net, Kaspersky SecureList
