Security News > 2020 > April > South Korea-Linked Hackers Targeted Chinese Government via VPN Zero-Day
A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday.
Qihoo 360 does not directly accuse South Korea of being behind the attacks, but says the threat actor is located in the Korean Peninsula and notes that its victims include North Korea.
According to Qihoo 360, DarkHotel targeted many Chinese institutions starting in March.
The Chinese cybersecurity firm said the attackers served the malware from roughly 200 compromised VPN servers.
A few weeks ago, Qihoo 360 reported that DarkHotel had exploited zero-day vulnerabilities in Firefox and Internet Explorer in attacks aimed at Chinese government organizations.
News URL
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers (source)