APT Hackers Turn On China

Uploaded on 2020-04-15 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

State-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic.

An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies.

Attacks began in March and are believed to be related to the current coronavirus outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in servers that are used to provide remote access to enterprise and government networks. Qihoo discovered more than 200 VPN servers that have been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad. India

In their recent report Qihoo researchers said the entire attack chain was sophisticated. Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a booby trapped version. This file is an update for the Sangfor VPN desktop app, which employees install on their computers to connect to Sangfor VPN servers, and inherently to their work networks.

Qihoo researchers said that when workers connected to hacked Sangfor VPN servers, they were provided with an automatic update for their desktop client, but received the booby trapped SangforUD.exe file, which later installed a backdoor Trojan on their devices.

The Chinese security firm said it tracked the attacks to a hacker group known as Darkhotel. The group is believed to operate out of the Korean peninsula, although it is yet unknown if they are based in North or South Korea.The group, which has been operating since 2007, is considered one of today's most sophisticated state-sponsored hacking operations.

What Is Darkhotel?
Darkhotel is an advanced persistent threat gang that operates from East Asia and is behind a long-running series of cyberespionage-focused campaigns against corporate executives, government agencies, defense industry, electronics industry and other important sectors. Its footprints in the cyber realm are all over China, North Korea, Japan, Myanmar, Russia and other countries. Their operations can be traced back to as early as 2007.

This is not the first time that Darkhotel launches an attack on China. Earlier, Qihoo 360 had captured two 0day exploits used by this Peninsula APT gang to target Chinese government’s commercial agencies when Microsoft ended Windows 7 support.

Qihoo360:          Kaspersky:      ZDNet:            CyberScoop:       The CyberWire:      


You Might Also Read: 
 

Darkhotel Deploys Zero-Day From Hacking Team:

« No, 5G Does Not Spread Coronavirus
Pandemic Prevention Using Blockchain »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Acuity Risk Management

Acuity Risk Management

Acuity Risk Management helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

PizzlySoft

PizzlySoft

PizzlySoft is a global company that is seeking convergence of network and security / software and hardware. We put our value on creating the best security.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

Telsy

Telsy

Telsy is a security partner for ICT solutions and services. We help you implement effective security solutions that increase your risk mitigation ability and your responsiveness.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

Data#3 Limited (DTL)

Data#3 Limited (DTL)

Data#3 Limited (DTL) is a leading Australian IT services and solutions provider.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.