Security News > 2021 > April > China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military
China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam, according to a report from anti-malware vendor Kaspersky.
The more recent attacks, Kaspersky says, show further increase in sophistication.
Running between June 2020 and January 2021, the campaign relied on an infection chain that used DLL side-loading to deliver malicious code that would eventually deploy a remote access Trojan to provide the attackers with full control over compromised machines.
As part of an attack against a high-profile Vietnamese organization, a legitimate component from Microsoft Outlook was being abused to load a DLL that would run a shellcode that was acting as a loader for the FoundCore RAT. Once deployed, the malware would start four processes: one to establish persistence as a service, the second to hide the first process, the third to prevent access to the malicious file, and the fourth to establish connection to the command and control server.
The malware includes support for a variety of commands, allowing for file system manipulation, process manipulation, execution of arbitrary commands, and screenshot grabbing.
Other malware delivered as part of the attacks are DropPhone and CoreLoader.