Hackers From China Target Vietnamese Military and Government (Security News, April 2021)
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam.
According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore."
DLL side-loading has been a tried-and-tested technique used by various threat actors as an obfuscation tactic to bypass antivirus defenses.
Besides giving the attackers full control over the compromised device, FoundCore comes with capabilities to run commands for file system manipulation, process manipulation, capturing screenshots, and arbitrary command execution.
Infections involving FoundCore were also found to download two additional pieces of malware.
The cybersecurity firm theorized the attacks originate with a spear-phishing campaign or other precursor infections, which trigger the download of decoy RTF documents from a rogue website, ultimately leading to the deployment of FoundCore.