China-Linked 'BlackTech' Hackers Start Targeting U.S.
2020-09-29 14:38

The China-linked BlackTech cyber-spies have adopted new malicious tools in recent attacks, and they have started targeting the United States, Symantec security researchers revealed on Tuesday.

Despite the use of undocumented malware, other artefacts observed in these attacks, including the use of previously employed infrastructure, suggest that the BlackTech threat actor is behind them.

In addition to the new backdoors, the hackers leveraged a custom loader and a network reconnaissance tool, along with dual-use tools such as PuTTY, PsExec, SNScan, and WinRAR. Furthermore, the threat actor signed the payloads in these attacks with stolen code-signing certificates, a tactic it was observed employing before.

A total of five victims were identified in these attacks, including organizations in media, electronics, and finance based in Taiwan, an engineering company in Japan, and a construction company in China.

The first activity associated with the recent campaign started in August 2019, and the attackers were able to maintain a presence in the compromised networks for a long time: activity associated with the attack was observed on compromised machines within the media company's network in August 2020.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/fBOel6-xGhM/china-linked-blacktech-hackers-start-targeting-us