Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

July 22, 2020
in Internet Privacy

An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News.

The attacks were observed during the first week of July, coinciding with the passage of a controversial security law in Hong Kong and India’s ban of 59 China-made apps over privacy concerns, weeks after a violent skirmish along the Indo-China border.

Attributing the attack with “moderate confidence” to a new Chinese APT group, Malwarebytes said it was able to track the group’s activities based on the “unique phishing attempts” designed to compromise targets in India and Hong Kong.

The operators of the APT group have leveraged at least three different Tactics, Techniques, and Procedures (TTPs), using spear-phishing emails to drop variants of Cobalt Strike and MgBot malware, and bogus Android applications to gather call records, contacts, and SMS messages.

“The lures used in this campaign indicate that the threat actor may be targeting the Indian government and individuals in Hong Kong, or at least those who are against the new security law issued by China,” the firm said.

Using Spear-Phishing to Install MgBot Malware

The first variant, observed on July 2, warned recipients at “gov.in” addresses that some of their email addresses had been leaked and that they were to complete a security check before July 5.

The emails carry an attachment, “Mail security check.docx,” purportedly from the Indian Government Information Security Center. When opened, it uses template injection to download a remote template and execute a heavily obfuscated variant of Cobalt Strike.

But a day after the aforementioned attack, the operators swapped out the malicious Cobalt Strike payload for an updated version of MgBot malware.

And in the third version seen in the wild on July 5, the researchers observed the APT using an entirely different embedded document with a statement about Hong Kong from the UK Prime Minister Boris Johnson allegedly promising to admit three million Hong Kongers to the country.

The malicious commands to download and drop the loader, which are encoded within the documents, are executed through the Dynamic Data Exchange (DDE) protocol, an interprocess communication mechanism that lets Windows applications share data with one another.
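As an added example, not code from the article or from Malwarebytes, the following Python triage script checks a .docx for the two document-weaponisation techniques described above: a remote template pulled in through an external attachedTemplate relationship, and a DDE field code embedded in the document body. The sample document, the example.invalid URL and the placeholder field text are constructed for the demonstration.

```python
import io
import re
import zipfile

# One <Relationship .../> element; the \b keeps <Relationships> from matching.
REL_TAG = re.compile(r"<Relationship\b[^>]*?/?>", re.I)
INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.I)


def _attr(tag: str, name: str) -> str:
    m = re.search(r'\b%s="([^"]*)"' % name, tag, re.I)
    return m.group(1) if m else ""


def scan_docx(data: bytes) -> dict:
    """Return remote template URLs and DDE field instructions found in a .docx blob."""
    found = {"remote_templates": [], "dde_fields": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        # Template injection: settings.xml.rels points the attached template at a URL.
        if "word/_rels/settings.xml.rels" in names:
            rels = z.read("word/_rels/settings.xml.rels").decode("utf-8", "replace")
            for tag in REL_TAG.findall(rels):
                if (_attr(tag, "Type").endswith("/attachedTemplate")
                        and _attr(tag, "TargetMode").lower() == "external"):
                    found["remote_templates"].append(_attr(tag, "Target"))
        # DDE: the field code lives in w:instrText runs, often split across several.
        if "word/document.xml" in names:
            doc = z.read("word/document.xml").decode("utf-8", "replace")
            instr = "".join(INSTR_RE.findall(doc)).strip()
            if DDE_RE.search(instr):
                found["dde_fields"].append(instr)
    return found


def build_sample_docx(template_url: str, field_code: str) -> bytes:
    """Constructed test data: a minimal OOXML package with only the two parts scanned."""
    rels = ('<Relationships><Relationship Id="rId1" Type="http://schemas.openxmlformats.org'
            '/officeDocument/2006/relationships/attachedTemplate" '
            f'Target="{template_url}" TargetMode="External"/></Relationships>')
    doc = ('<w:document><w:body><w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
           f'<w:r><w:instrText>{field_code}</w:instrText></w:r>'
           '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/settings.xml.rels", rels)
        z.writestr("word/document.xml", doc)
    return buf.getvalue()
```

Run `scan_docx` over a real attachment's bytes; any non-empty `remote_templates` entry or `dde_fields` entry is worth a closer look, since neither is common in legitimate mail attachments.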

A RAT With Several Capabilities

The dropped loader (“ff.exe”) masquerades as a Realtek Audio Manager tool and contains four embedded resources, two of which are written in Simplified Chinese.

This, along with the use of DDE and template injection, suggests the campaign could be the handiwork of a China-based threat actor, given the prior history of attacks that took advantage of the same TTPs.

Subsequently, the loader escalates its privileges through a CMSTP bypass before installing the final payload, while also taking steps to avoid detection by debuggers and security software.

To thwart static analysis, “the code is self modifying which means it alters its code sections during runtime,” the researchers said.

“It uses ‘GetTickCount’ and ‘QueryPerformanceCounter’ API calls to detect the debugger environment. To detect if it is running in a virtual environment, it uses anti-VM detection instructions such as ‘sldt’ and ‘cpuid’ that can provide information about the processor and also checks VMware IO ports (VMXh).”

Ultimately, it’s this final malware executable (“pMsrvd.dll”) that’s used to conduct the malicious activities, which it does by posing as a “Video Team Desktop App.”

Not only is the bundled remote administration Trojan (RAT) capable of establishing a connection to a remote command-and-control (C2) server located in Hong Kong, it has the ability to capture keystrokes, screenshots, and manage files and processes.

What’s more, the researchers also found several malicious Android applications in the group’s toolset that come equipped with RAT features, such as audio and screen recording and functions to triangulate a phone’s location and exfiltrate contacts, call logs, SMS, and web history.

Interestingly, it appears this new China APT group has been active at least since 2014, with its TTPs linked to at least three different attacks in 2014, 2018, and March 2020. In all of these campaigns, the actor used a variant of MgBot to meet its objectives.

Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)