Chinese Hackers Attacking Military Organizations With New Backdoor (Security News, April 2021)
Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research.
Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions.
"Starting with September 2020, the threat actors included the RainyDay backdoor in their toolkit. The purpose of this operation was cyberespionage and data theft."
While initially assumed to have gone off the radar since first exposed in 2015, evidence emerged to the contrary last May when the adversary was spotted using a new backdoor called "Aria-Body" to stealthily break into networks and leverage the compromised infrastructure as a command-and-control server to launch additional attacks against other organizations.
The new wave of attacks identified by Bitdefender employed RainyDay as the primary backdoor, with the actors using it to conduct reconnaissance, deliver additional payloads, perform lateral movement across the network, and exfiltrate sensitive information.
A separate backdoor, called "FoundCore," was attributed to a Chinese-speaking actor named Cycldek as part of a cyberespionage campaign directed against government and military organizations in Vietnam.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/RkNn6-LJ5CA/chinese-hackers-attacking-military.html