Chinese Hackers Target Hong Kong Universities With New Backdoor Variant (Security News, February 2020)
The China-linked threat group tracked as Winnti was observed using a new variant of the ShadowPad backdoor in recent attacks targeting Hong Kong universities, ESET's security researchers report.
One month later, the security researchers discovered a new campaign run by the Chinese hackers, targeting two Hong Kong universities with a new variant of the ShadowPad backdoor, the group's flagship tool.
A few weeks prior to discovering the backdoor, the Winnti malware was found on computers at these universities.
The C&C URL format used led the researchers to believe that at least three other Hong Kong universities may have been compromised.
Responding to a SecurityWeek inquiry, ESET researcher Mathieu Tartare revealed that the company did provide assistance to some of the affected universities in remediating the compromise.