A ‘FunnyDream’ From China

A state-sponsored Chinese hacking group named FunnyDream has been using malware to attack hundreds of hotel network systems in Southeast Asia. The malware infections are part of a widespread espionage campaign, according to a report published recently by the experts at Bitdefender.

The attacks have primarily targeted Southeast Asian government and private sector organisations, and to date around 200 machines have been identified as showing signs of infection with tools associated with this group.

A previous report, published by another leading security firm, Kaspersky Lab, has identified FunnyDream targets in Malaysia, Taiwan, the Philippines and Vietnam.

When investigating the FunnyDream group, Bitdefender compiled an attack timeline of how the tools were used when compromising a machine. After piecing all the forensic evidence together, the timeline paints a picture of how all the tools found are tied to each other, serving as a detailed case study in dissecting an APT-style attack.

Many of the phishing attacks launched by cyber criminals this year have been trying to exploit fears about Coronavirus. The list of attackers includes threat actors such as Kimsuky and Lazarus, who are understood to have used COVID-19-themed lures to target their victims.

While the malware cannot be conclusively attributed to any particular threat actor, it might be related to the same group behind the DarkHotel hacking exploit, first identified by Kaspersky in 2015.

Both Bitdefender and Kaspersky say the group is still active and appears to be primarily interested in spying and data theft, concentrating on stealing sensitive documents from infected hosts, with a special focus on national security and industrial espionage.

FunnyDream operate spear phishing campaigns using highly advanced zero-day exploits that are effective in getting around the latest Windows and Adobe defences. Their favoured method is to penetrate upscale hotel networks to follow and hit selected targets as they travel around the world.

These travelers are often top executives from a variety of industries doing business and outsourcing operations in the APAC region. Victims have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff, and the hotel network intrusion format provides the attackers with precise, global-scale access to high-value targets.

Bitdefender: Kaspersky SecureList: ZD Net: Kaspersky SecureList
