APT Hackers Turn On China

Uploaded on 2020-04-15 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

State-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic.

An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies.

Attacks began in March and are believed to be related to the current coronavirus outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in servers that are used to provide remote access to enterprise and government networks. Qihoo discovered more than 200 VPN servers that have been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad. India

In their recent report Qihoo researchers said the entire attack chain was sophisticated. Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a booby trapped version. This file is an update for the Sangfor VPN desktop app, which employees install on their computers to connect to Sangfor VPN servers, and inherently to their work networks.

Qihoo researchers said that when workers connected to hacked Sangfor VPN servers, they were provided with an automatic update for their desktop client, but received the booby trapped SangforUD.exe file, which later installed a backdoor Trojan on their devices.

The Chinese security firm said it tracked the attacks to a hacker group known as Darkhotel. The group is believed to operate out of the Korean peninsula, although it is yet unknown if they are based in North or South Korea.The group, which has been operating since 2007, is considered one of today's most sophisticated state-sponsored hacking operations.

What Is Darkhotel?
Darkhotel is an advanced persistent threat gang that operates from East Asia and is behind a long-running series of cyberespionage-focused campaigns against corporate executives, government agencies, defense industry, electronics industry and other important sectors. Its footprints in the cyber realm are all over China, North Korea, Japan, Myanmar, Russia and other countries. Their operations can be traced back to as early as 2007.

This is not the first time that Darkhotel launches an attack on China. Earlier, Qihoo 360 had captured two 0day exploits used by this Peninsula APT gang to target Chinese government’s commercial agencies when Microsoft ended Windows 7 support.

Qihoo360:          Kaspersky:      ZDNet:            CyberScoop:       The CyberWire:      


You Might Also Read: 
 

Darkhotel Deploys Zero-Day From Hacking Team:

« No, 5G Does Not Spread Coronavirus
Pandemic Prevention Using Blockchain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

High Security Center (HSC)

High Security Center (HSC)

High Security Center provide real-time threat protection. We protect your company from targeted and persistent attacks using technologies such as Machine Learning and Behavioral Analysis.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

OX Security

OX Security

OX is a DevOps software supply chain security solution. Teams can verify the integrity and security of every artifact using a pipeline bill of materials (PBOM).

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.

TerraEagle

TerraEagle

Terraeagle is a boutique cyber security services company providing tailor-made solutions. Our core competency is in SOCaaS, MDRaaS & and Incident Response Retainer Services.

Point3 Security

Point3 Security

Point3 Security is a premier information security organization that provides the industry with the talent screening and analytical tools to enhance its workforce.