Chinese Cyberspies Target Military Organizations in Asia With New Malware
A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday.
The group has been known to focus on government and military organizations.
Last year, after its activity was exposed, Naikon made a similar move: it switched to a new backdoor, although it continued to use previously known malware for the first stages of attack.
The latest campaign ran between June 2019 and March 2021, and one of the new backdoors, dubbed RainyDay, was first used in attacks in September 2020, Bitdefender says.
The similarities are not surprising, considering that Chinese threat actors are known to share infrastructure and tools, and because Naikon was previously observed using exploits attributed to other threat groups in an attempt to evade detection.
As part of the latest attacks, the adversary also deployed a second new backdoor called Nebulae, likely as a precautionary measure.