Security News > 2021 > June > Chinese Hackers Using Previously Unknown Backdoor

A previously unknown Windows backdoor enables remote access and the collection of considerable live data - but only during Chinese working hours.

Researchers from Check Point Research report that opening the attachment starts a chain of in-memory loaders leading to the delivery of the previously unknown backdoor.

The backdoor has the internal name 'VictoryDll x86.

"Every few weeks, the attackers used spear-phishing emails, laced with weaponized versions of government-themed documents, to try and create a foothold into the Ministry of Foreign affairs of the target country. This means that the attackers first had to attack another department within the targeted state, stealing and weaponizing documents for use against the Ministry of Foreign Affairs. All in all, the attackers, who we believe to be a Chinese threat group, were very systematic in their approach."

"Ultimately, our investigation led to the discovery of a new Windows backdoor, in other words a new cyber espionage weapon, that the Chinese threat group has been developing since 2017," continued Finkelsteen.

"The backdoor was formed and reformed time and time again over the course of three years, before it was used in the wild. This backdoor is far more intrusive and capable of collecting a vast amount of data from an infected computer. We learned that the attackers are not only interested in cold data, but also what is happening on a target's personal computer at any moment, resulting in live espionage."

News URL

http://feedproxy.google.com/~r/securityweek/~3/yIP6sDKLty8/chinese-hackers-using-previously-unknown-backdoor