China's Winnti hackers (apparently): Forget the money, let's get political and start targeting Hong Kong students for protest info
A Chinese hacking crew that had previously focused on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong.
Researchers at security shop ESET say the Winnti Group, a hacking operation believed to be backed by the Chinese government, has begun targeting the networks and accounts of at least five universities in Hong Kong.
The aim of these intrusions, ESET believes, is to gather intelligence and disrupt protests by students at those universities, as Hong Kong continues to deal with civil unrest between pro-democracy protesters and the mainland government.
According to the ESET team, the Winnti hackers have been using their namesake malware trojan - first documented back in 2013 - to get into the university PCs and drop a backdoor called ShadowPad. From there, it is believed the hackers comb the infected machines for information relating to the ongoing protests.
The attacks on protesters are a departure from what the Winnti hackers usually focus on.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/31/winnti_hackers_students/