Security News > 2020 > April > South Korea-Linked Hackers Targeted Chinese Government via VPN Zero-Day
A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday.
Qihoo 360 does not directly accuse South Korea of being behind the attacks, but says the threat actor is located in the Korean Peninsula and notes that its victims include North Korea.
According to Qihoo 360, DarkHotel targeted many Chinese institutions starting in March.
The Chinese cybersecurity firm said the attackers served the malware from roughly 200 compromised VPN servers.
A few weeks ago, Qihoo 360 reported that DarkHotel had exploited zero-day vulnerabilities in Firefox and Internet Explorer in attacks aimed at Chinese government organizations.
News URL
Related news
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- MITRE says state hackers breached its network via Ivanti zero-days (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)