Hackers From China Target Vietnamese Military and Government

April 6, 2021
in Internet Privacy

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam.

The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the U.S. since at least 2013.

According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed “FoundCore.”

DLL side-loading is a tried-and-tested technique used by various threat actors as an obfuscation tactic to bypass antivirus defenses. The idea is to have a legitimate executable load a malicious DLL, so that the malicious activity is masked under a trusted system or software process.

In this infection chain revealed by Kaspersky, a legitimate component from Microsoft Outlook loads a malicious library called “outlib.dll,” which “hijacks the intended execution flow of the program to decode and run a shellcode placed in a binary file, rdmin.src.”
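The side-loading pattern described above leaves a recognizable trace in module-load telemetry. The following triage check is an added example, not code from the article or from Kaspersky; the records are constructed and modelled on Sysmon Event ID 7 (ImageLoad) fields, and `host.exe`, the directory paths and the trusted-roots policy are assumptions.

```python
from ntpath import dirname, normcase

# Directories where signed vendor binaries normally live (assumed policy).
TRUSTED_ROOTS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")

# Constructed records modelled on Sysmon Event ID 7 (ImageLoad) fields.
# host.exe and all paths are placeholders; outlib.dll is the name from the article.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Vendor\App\host.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\App\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\Docs\host.exe",
     "ImageLoaded": r"C:\Users\Public\Docs\outlib.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\Public\Docs\host.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

def under_trusted_root(path):
    """True if the path sits below one of the expected install roots."""
    p = normcase(path)  # lower-cases and normalises separators
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)

def is_sideload_candidate(event):
    """Flag a DLL without a valid signature that is loaded from the same
    directory as a host executable running outside the trusted roots."""
    image, loaded = event["Image"], event["ImageLoaded"]
    same_dir = normcase(dirname(image)) == normcase(dirname(loaded))
    bad_sig = (event["Signed"].lower() != "true"
               or event["SignatureStatus"] != "Valid")
    return same_dir and bad_sig and not under_trusted_root(image)

def find_sideload_candidates(events):
    """Return the loaded-module paths that deserve analyst review."""
    return [e["ImageLoaded"] for e in events if is_sideload_candidate(e)]

if __name__ == "__main__":
    for dll in find_sideload_candidates(SAMPLE_EVENTS):
        print("review:", dll)
```

The check yields candidates for review rather than verdicts: a planted DLL inside a trusted install directory would need a separate rule, such as comparing loaded modules against the vendor's known file list.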

What’s more, the malware comes with an extra layer designed explicitly to safeguard the code from security analysis and make it difficult to reverse-engineer. To achieve this, the threat actor behind the malware is said to have scrubbed most of the payload’s header, while leaving the rest with incoherent values.

Kaspersky said the method “signals a major advancement in sophistication for attackers in this region.”

Besides giving the attackers full control over the compromised device, FoundCore comes with capabilities to run commands for file system manipulation, process manipulation, capturing screenshots, and arbitrary command execution. Infections involving FoundCore were also found to download two additional pieces of malware. The first, DropPhone, gathers environment-related information from the victim machine and exfiltrates it to Dropbox, while the second, CoreLoader, runs code that enables the malware to thwart detection by security products.

The cybersecurity firm theorized the attacks originate with a spear-phishing campaign or other precursor infections, which trigger the download of decoy RTF documents from a rogue website, ultimately leading to the deployment of FoundCore.

Among dozens of affected organizations, 80% are based in Vietnam and belong to the government or military sector, or are otherwise related to the health, diplomacy, education, or political verticals, with other victims occasionally spotted in Central Asia and Thailand.

“No matter which group orchestrated this campaign, it constitutes a significant step up in terms of sophistication,” the researchers concluded. “Here, they’ve added many more layers of obfuscation and significantly complicated reverse engineering.”

“And this signals that these groups may be looking to expand their activities. Right now, it may seem as if this campaign is more of a local threat, but it’s highly likely the FoundCore backdoor will be found in more countries in different regions in the future,” said Kaspersky senior security researcher Mark Lechtik.


Credit: The Hacker News, by Ravie Lakshmanan
