
Chinese hackers are targeting government officials in Europe, South America and the Middle East



A Chinese hacking group has been linked to a new campaign aimed at infecting government officials in Europe, the Middle East and South America with a modular malware known as PlugX.

Cybersecurity firm Secureworks said it detected intrusions in June and July 2022, demonstrating once again that the adversary is consistently focused on espionage against governments around the world.

“PlugX is a modular malware that communicates with a command and control (C2) server to perform tasks and can download additional plugins to enhance its capabilities beyond simple information gathering,” the Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News.


Bronze President is a Chinese threat actor that has been active since at least July 2018 and is believed to be a likely state-sponsored group that uses a combination of proprietary and publicly available tools to compromise and collect data from its targets.

It is also publicly documented under other names such as HoneyMyte, Mustang Panda, Red Lich, and Temp.Hex. One of its main tools of choice is PlugX, a remote access trojan widely shared among Chinese threat groups.

Earlier this year, the group was observed targeting Russian government officials with an updated version of the PlugX backdoor called Hodur, alongside entities located in Asia, the European Union and the United States.

Secureworks' attribution of the latest campaign to Bronze President is based on the use of PlugX and policy-themed lure documents that correspond to regions of strategic importance to China.


Attack chains distribute RAR archive files that contain a Windows Shortcut (.LNK) file masquerading as a PDF document. When opened, the shortcut executes a legitimate file located in a hidden folder embedded in the archive.

This then paves the way for the decoy document to be dropped, while the PlugX payload sets up persistence on the infected host.
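For defenders, the delivery pattern described above can be checked at the mail or web gateway once an archive's listing has been extracted. The following Python is an added example, not code from Secureworks or the original article; the `Entry` fields, rule names and sample listing are constructed, and it assumes the file in the hidden folder is a Windows PE executable.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (little-endian field layout).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}

@dataclass
class Entry:                 # hypothetical model of one archive member
    path: str                # path inside the archive
    is_dir: bool = False
    hidden: bool = False     # Windows hidden attribute stored in the archive
    head: bytes = b""        # first bytes of the member's content

def is_shortcut(e):
    suffix = PureWindowsPath(e.path).suffix.lower()
    return suffix == ".lnk" or e.head.startswith(LNK_MAGIC)

def masquerades_as_document(e):
    # Explorer never displays ".lnk", so "brief.pdf.lnk" is shown as "brief.pdf".
    suffixes = [s.lower() for s in PureWindowsPath(e.path).suffixes]
    return is_shortcut(e) and len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS

def triage(entries):
    """Return (rule, path) findings for the shortcut-lure delivery pattern."""
    # PureWindowsPath compares case-insensitively and accepts / or \ separators.
    hidden_dirs = {PureWindowsPath(e.path) for e in entries if e.is_dir and e.hidden}
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        if masquerades_as_document(e):
            findings.append(("lnk-masquerading-as-document", e.path))
        # Assumption: the file launched by the shortcut is a PE ("MZ" header).
        in_hidden = hidden_dirs.intersection(PureWindowsPath(e.path).parents)
        if e.head.startswith(b"MZ") and in_hidden:
            findings.append(("executable-in-hidden-folder", e.path))
    return findings

# Constructed sample listing (not taken from the report).
SAMPLE = [
    Entry("Policy brief.pdf.lnk", head=LNK_MAGIC + b"\x00" * 8),
    Entry("_", is_dir=True, hidden=True),
    Entry("_\\helper.exe", head=b"MZ\x90\x00"),
    Entry("notes.pdf", head=b"%PDF-1.7"),
]

if __name__ == "__main__":
    for rule, path in triage(SAMPLE):
        print(f"{rule}: {path}")
```

Either finding alone is worth a look; both in the same archive match the chain described in this article.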

“BRONZE PRESIDENT demonstrated the ability to pivot quickly for new intelligence-gathering opportunities,” the researchers said. “Organizations in geographic regions of interest to China should closely monitor the activities of this group, particularly organizations affiliated with or acting as government agencies.”
