Security News > 2020 > February > Chinese Hackers Target Hong Kong Universities With New Backdoor Variant
The China-linked threat group tracked as Winnti was observed using a new variant of the ShadowPad backdoor in recent attacks targeting Hong Kong universities, ESET's security researchers report.
One month later, the security researchers discovered a new campaign run by the Chinese hackers, targeting two Hong Kong universities with a new variant of the ShadowPad backdoor, the group's flagship tool.
A few weeks prior to discovering the backdoor, the Winnti malware was found on computers at these universities.
The C&C URL format used led the researchers to believe that at least three other Hong Kong universities may have been compromised.
Responding to a SecurityWeek inquiry, ESET researcher Mathieu Tartare revealed that the company did provide assistance to some of the affected universities in remediating the compromise.
News URL
Related news
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Chinese cyberspies backdoor Juniper routers for stealthy access (source)