Cybersecurity News Espionage

Chinese Hackers Deploy Cyber Espionage in Asian and East European Nations

Chinese hackers use cyber espionage to steal sensitive information from four East European countries and send the data back through Chinese servers.

ByEditorial

PublishedAugust 10, 2022

A cyberattack targeting Asian and European countries, including Ukraine, Russia, Belarus, and Afghanistan, was discovered by Kaspersky researchers. The attack has been connected to cyber espionage, which was conducted to infiltrate governmental and military institutions in east European countries.

According to the report, the techniques used in the attack were highly linked to malicious actors known as TA428, a Chinese malware known to have previously attacked organizations in Asia and Eastern Europe.

The attack was discovered in January 2022 and successfully compromised networks in target countries’ organizations. The target industries included industrial plants, government agencies, and government ministries.

The attackers’ goal

According to Kaspersky, the attack analysis indicates that the attackers’ priority was “cyber espionage,” a form of cyber spying attack where the attackers attempt to access sensitive information from a government body or organization to gain economic and political advantages.

The Chinese hackers used spear phishing emails to conduct cyber espionage and exploited the CVE-2017-11882 Microsoft Office vulnerability to deploy PortDoor malware.

The researchers were able to track back the attack because, in April 2021, PortDoor was again used by the Chinese-backed hackers to hack into the system of a defense contractor that designs submarines for the Russian Navy.

The Chinese hacker organization has a history of attacking government institutions using malware strains tied to TA428 and has also used nccTrojan, Logtu, Cotx, DNSep, and a more recent variant of the malware called CotSam.

Stolen data traced back to China

The attackers searched through the organization’s data, per reports, and sent the confidential files via command-and-control (C2) servers. They used passport-protected zip archives to send the data through a Chinese IP address, which helped the researchers trace back the attackers. The analysis also revealed that the same “C2 servers” path had previously been used in operations launched by other Chinese APT groups.

4 Comments

vibenews US Offers $10 Million Bounty on Conti Ransomware Gang
August 12, 2022 at 3:22 pm

[…] is a powerful ransomware behind many high-profile cyber-attacks, including the famous data theft of Graff, a premium London-based jewelry brand. It has also […]
vibenews Cloned Applications: New Threat to Your Systems
August 13, 2022 at 5:02 pm

[…] attacks are done by hacking and using the source code, certificates or server of a genuine app and hiding malware using this […]
vibenews Experts Observe Cyberespionage By Hackers Linked to China
August 18, 2022 at 4:37 am

[…] hackers are known as ‘RedAlpha’ whom the researchers associated with the Chinese government because the espionage target falls in line with the strategic interests of the Chinese Communist […]
vibenews MagicWeb: New Post-Compromise Malware Detected
August 30, 2022 at 6:20 am

[…] organizations among others. MagicWeb is reported to have infected the US, Europe, and Central Asia […]

Comments are closed.

Recent Posts

Chinese Hacker Groups Surge Cyber Espionage Activities Against US

Chuck Schumer Urges Feds to Address Rising Cyberattacks on US Citizens

Russian Hackers Target Government, Threaten to Leak Confidential Data

5G Rollout in India, Experts Warn of Potential 5G SIM Frauds

Ferrari Hacked! Leaves the racing division embarrassed