Chinese Hackers Deploy Cyber Espionage in Asian and East European Nations

Chinese hackers use cyber espionage to steal sensitive information from four East European countries and send the data back through Chinese servers.

Published August 10, 2022

A cyberattack targeting Asian and European countries, including Ukraine, Russia, Belarus, and Afghanistan, was discovered by Kaspersky researchers. The attack has been linked to cyber espionage conducted to infiltrate governmental and military institutions in East European countries.

According to the report, the techniques used in the attack were closely linked to the malicious actors known as TA428, a Chinese threat group known to have previously attacked organizations in Asia and Eastern Europe.

The attack was discovered in January 2022 and successfully compromised networks in target countries’ organizations. The target industries included industrial plants, government agencies, and government ministries.

The attackers’ goal

According to Kaspersky, the attack analysis indicates that the attackers’ priority was “cyber espionage,” a form of cyber spying attack where the attackers attempt to access sensitive information from a government body or organization to gain economic and political advantages.

The Chinese hackers used spear phishing emails to conduct cyber espionage and exploited the CVE-2017-11882 Microsoft Office vulnerability to deploy PortDoor malware.

The researchers were able to attribute the attack because PortDoor had previously been used, in April 2021, by Chinese-backed hackers to break into the systems of a defense contractor that designs submarines for the Russian Navy.

The Chinese hacker organization has a history of attacking government institutions using malware strains tied to TA428 and has also used nccTrojan, Logtu, Cotx, DNSep, and a more recent variant of the malware called CotSam.

Stolen data traced back to China

The attackers searched through the organizations’ data, per reports, and exfiltrated the confidential files via command-and-control (C2) servers. They used password-protected ZIP archives to send the data through a Chinese IP address, which helped the researchers trace the attackers. The analysis also revealed that the same C2 server infrastructure had previously been used in operations launched by other Chinese APT groups.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.
