A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments

October 2, 2019

Phishing remains one of the most widely used strategies by which cybercriminals and espionage groups gain an initial foothold on targeted systems.

Though hacking someone with a phishing attack was easy a decade ago, the evolution of threat detection technologies and growing cyber awareness among people have reduced the success of phishing and social engineering attacks over the years.

Since phishing is more or less a one-time opportunity for hackers, because victims who become suspicious are unlikely to fall for the same trick again, sophisticated hacking groups have started putting a lot of effort, time and research into designing well-crafted phishing campaigns.

In one such recent campaign, discovered by cybersecurity researchers at Check Point, a Chinese hacking group known as Rancor was found conducting highly targeted and extensive attacks against Southeast Asian government entities from December 2018 to June 2019.

What’s interesting about this ongoing 7-month long campaign is that over this period, the Rancor group has continuously updated its tactics, tools, and procedures (TTPs) based on its targets, in an effort to make its phishing emails and lure documents appear as convincing as possible.

“The observed attacks started with emails sent on behalf of employees from different government departments, embassies, or government-related entities in a Southeast Asian country,” reads a report published by Check Point and privately shared with The Hacker News prior to its release.

“The attackers appeared determined to reach certain targets, as tens of emails were sent to employees under the same ministries. Furthermore, the emails’ origin was likely spoofed to make them seem more reliable.”

Continuously Evolving Tactics, Tools, and Procedures

Researchers discovered different combinations of TTPs based on their timeline, delivery, persistence, and payloads, and then grouped them into 8 major variants, as listed below in this article.

Each attack variant started with a classic spear-phishing email containing a malicious document designed to run macros and exploit known vulnerabilities to install a backdoor on the victims’ machines and gain full access to the systems.

Most of the delivery documents in this campaign covered legitimate government-related topics, like instructions for governmental employees, official letters, press releases, surveys, and more, and appeared to have been sent by other government officials.

Interestingly, as part of the infection chain, in most campaigns the attackers also bring their own legitimate, signed and trusted executables from major antivirus products to side-load malicious DLL (dynamic link library) files and evade detection, especially by behavioral monitoring products.

As shown in the illustrations above, the abused legitimate executables belong to antivirus products, including a component of Avast antivirus, the BitDefender agent, and Windows Defender.
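
A defender-side heuristic for the side-loading pattern described above, as an added example that is not from the article or the Check Point report: it flags a vendor-signed executable that runs outside its usual install path and loads an unsigned DLL from its own folder. The event schema, signer substrings, trusted paths, file names and sample events are all assumptions constructed for illustration.

```python
import ntpath

# Assumptions: signer substrings for the vendors the article names, and
# install roots treated as trusted. Tune both for your environment.
VENDOR_SIGNERS = ("avast", "bitdefender", "microsoft")
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\programdata\\microsoft\\windows defender\\", "c:\\windows\\")

def _norm(path):
    # normpath collapses ".." so a path cannot pose as a trusted root
    return ntpath.normpath(path).lower()

def sideload_findings(events):
    """Return (image, loaded) pairs where a vendor-signed executable running
    outside the trusted roots loads an unsigned DLL from its own directory."""
    findings = []
    for ev in events:
        image, loaded = _norm(ev["image"]), _norm(ev["loaded"])
        vendor_signed = any(s in ev["image_signer"].lower() for s in VENDOR_SIGNERS)
        relocated = not image.startswith(TRUSTED_ROOTS)
        same_dir = ntpath.dirname(image) == ntpath.dirname(loaded)
        if vendor_signed and relocated and same_dir and not ev["loaded_signed"]:
            findings.append((ev["image"], ev["loaded"]))
    return findings

# Constructed sample image-load events (hypothetical schema and file names).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Vendor\agent.exe", "image_signer": "Avast Software s.r.o.",
     "loaded": r"C:\Program Files\Vendor\helper.dll", "loaded_signed": True},
    {"image": r"C:\Users\alice\AppData\Roaming\agent.exe", "image_signer": "Bitdefender SRL",
     "loaded": r"C:\Users\alice\AppData\Roaming\helper.dll", "loaded_signed": False},
    {"image": r"C:\Users\alice\AppData\Roaming\agent.exe", "image_signer": "Bitdefender SRL",
     "loaded": r"C:\Windows\System32\kernel32.dll", "loaded_signed": True},
    {"image": r"C:\Program Files\..\Users\Public\agent.exe", "image_signer": "Microsoft Corporation",
     "loaded": r"C:\Users\Public\helper.dll", "loaded_signed": False},
    {"image": r"C:\Users\bob\tool.exe", "image_signer": "",
     "loaded": r"C:\Users\bob\lib.dll", "loaded_signed": False},
]

if __name__ == "__main__":
    for image, loaded in sideload_findings(SAMPLE_EVENTS):
        print(f"possible side-loading: {image} loaded {loaded}")
```

In practice the inputs would come from endpoint telemetry that records both the process signer and the signature state of each loaded module.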

Though the attack chains involve fileless activities such as the use of VBA macros, PowerShell code, and legitimate Windows built-in tools, this campaign is not designed to be fileless: the researchers told The Hacker News that other parts of the campaign expose malicious activities to the file system.

“To date, we have not seen such a persistent attack on a government; the same attacks were targeted for 7 months. We believe that the US Government should take note,” researchers warned as the US elections are near.

“To attack the US Government, these Chinese hackers wouldn’t need to change much, except making their lure documents all in English, and include themes that would trigger the interest of the victim so that the victim would open the file.”

The Rancor hacking group has previously been found attacking Cambodia and Singapore and has continued its operations against entities within the Southeast Asia region; this time the group has devoted 7 months of effort to targeting the Southeast Asian government sector.

“We expect the group to continue to evolve, constantly changing their TTPs in the same manner as we observed throughout the campaign, as well as pushing their efforts to bypass security products and avoid attribution,” the researchers conclude.

To learn more about the Rancor group and its latest campaign, you can head over to the Check Point report titled “Rancor: The Year of the Phish.”


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)
