
Chinese APT suspected of supply chain attack on Mongolian government agencies

December 13, 2020

Image via Joromo

A Chinese state-sponsored hacking group, also known as an APT, is suspected of having breached a Mongolian software company and compromised a chat app used by hundreds of Mongolian government agencies.

The attack is believed to have taken place earlier this year, in June, according to a report published today by Slovak security firm ESET.

The hackers targeted an app called Able Desktop, developed by a local company named Able Software. According to the company’s website, the app is an add-on that provides instant messaging capabilities to the company’s main product, a human resources management (HRM) platform.

Able Software claims its platform is used by more than 430 Mongolian government agencies, including the Office of the President, the Ministry of Justice, the Ministry of Health, various local law enforcement agencies, and many local governments.

Software abused by hackers since at least 2018

ESET says that because of its widespread use among government workers, the app has been at the center of several malware distribution efforts since at least 2018.

Initial attacks revolved around adding malware to the Able Desktop chat app and spreading a trojanized version of the app’s installer via email, hoping to trick employees into infecting themselves.

Payloads in these attacks included the HyperBro backdoor and the PlugX remote access trojan.

But while these attacks were successful, ESET says that things changed in June 2020, when the attackers appear to have found a way inside Able’s backend and compromised the system that delivers software updates to all Able software apps.

ESET researchers say attackers abused this system on at least two occasions to deliver a malware-laced Able Desktop chat app through the official update mechanism.

For these attacks, the intruders again delivered the HyperBro backdoor, but they changed from PlugX to Tmanager as the remote access component.

[Figure: Able Desktop app timeline. Image: ESET]

At the time of writing, it is unclear if the attackers used the compromised Able update feature to install malware on all the systems they could reach or if they only went after selected targets.

Beyond notifying Able Software, ESET was unable to provide such details.

Furthermore, ESET wasn’t able to pin the attack on a particular group, as all the malware strains used in the attacks had previously been used by different China-linked APTs, such as LuckyMouse and TA428, and were also linked to a collection of server infrastructure known as ShadowPad, itself linked to many other Chinese APTs like CactusPete, TICK, IceFog, KeyBoy, and the umbrella group Winnti.

ESET believes these groups are either collaborating, using the same tools, or are subgroups of a larger threat actor that controls their operations and targeting.

[Figure: Able Desktop APT connections. Image: ESET]

Besides the ESET report, cyber-security firm Avast published its own report on these attacks, also linking the perpetrators back to China and classifying the attacks as cyber-espionage.

Credit: Zdnet
