Hackers From China Target Vietnamese Military and Government
2021-04-06 00:47

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam.

According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore."

DLL side-loading is a tried-and-tested technique that various threat actors use as an obfuscation tactic to bypass antivirus defenses.

Besides giving the attackers full control over the compromised device, FoundCore comes with capabilities to run commands for file system manipulation, process manipulation, screenshot capture, and arbitrary command execution.

Infections involving FoundCore were also found to download two additional pieces of malware.

The cybersecurity firm theorized that the attacks originate with a spear-phishing campaign or other precursor infections, which trigger the download of decoy RTF documents from a rogue website, ultimately leading to the deployment of FoundCore.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/yRLDSpQms2c/hackers-from-china-target-vietnamese.html