Security News > 2020 > April > South Korea-Linked Hackers Targeted Chinese Government via VPN Zero-Day
A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday.
Qihoo 360 does not directly accuse South Korea of being behind the attacks, but says the threat actor is located in the Korean Peninsula and notes that its victims include North Korea.
According to Qihoo 360, DarkHotel targeted many Chinese institutions starting in March.
The Chinese cybersecurity firm said the attackers served the malware from roughly 200 compromised VPN servers.
A few weeks ago, Qihoo 360 reported that DarkHotel had exploited zero-day vulnerabilities in Firefox and Internet Explorer in attacks aimed at Chinese government organizations.
News URL
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)