
Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia
2021-06-04 05:52

The infection chain starts with decoy documents, impersonating other entities within the same government, that are sent to multiple members of the Ministry of Foreign Affairs; when a document is opened, it retrieves a next-stage payload from the attacker's server, and that payload contains an encrypted downloader.

The use of weaponized copies of legitimate-looking official documents also suggests that "The attackers first had to attack another department within the targeted state, stealing and weaponizing documents for use against the Ministry of Foreign Affairs," said Lotem Finkelstein, head of threat intelligence at Check Point.

The long-running campaign has been linked with "Medium to high confidence" to a Chinese advanced persistent threat group that Check Point calls "SharpPanda", based on test versions of the backdoor dating back to 2018 that were uploaded to VirusTotal from China, and on the actor's use of the Royal Road RTF weaponizer, a tool that has been used in campaigns attributed to well-known Chinese threat groups since late 2018.
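The article describes the lure documents only at a high level (weaponized copies of official documents, built with an RTF weaponizer) and gives no samples or indicators, so the script below is an added triage example, not Check Point's tooling and not something taken from the campaign. It parses the generic RTF mechanism any such document relies on: an `\object` group whose `\objdata` destination carries a hex-encoded OLE 1.0 object. The scanner decodes that blob, reads the OLE 1.0 ObjectHeader (OLEVersion, FormatID, ClassName, TopicName, ItemName, then NativeDataSize and NativeData for embedded objects), and raises flags that a reviewer would want to see before the file reaches a mail queue: an `\objupdate` control word (forces the object to load as soon as the document is displayed), a mismatch between the declared `\objclass` and the class name inside the blob, and native data shorter than its declared size. The sample RTF is constructed inside the block; the class name "Package" and the CFB-signature payload are fixture values, not indicators from the article.

```python
"""Triage scanner for RTF files carrying embedded OLE objects.

Added example; it is not part of the article and not Check Point's code.
It inspects only the RTF container and the OLE 1.0 header, so it reports
what is embedded and how it is wired up, not which vulnerability a given
weaponizer targets.
"""
import re
import struct
from typing import Dict, List

# MS-CFB compound file signature; embedded native data often starts with it.
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Splits at the \object control word only (not \objclass, \objdata, \objupdate).
OBJECT_RE = re.compile(rb"\\object(?![a-z])")
OBJCLASS_RE = re.compile(rb"\\objclass\s*([^\\{}\s]+)")
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")


def parse_ole1_header(blob: bytes) -> Dict:
    """Parse the OLE 1.0 ObjectHeader stored in \\objdata (MS-OLEDS 2.2.4)."""
    try:
        off = 0
        version, format_id = struct.unpack_from("<II", blob, off)
        off += 8
        names = []
        for _ in range(3):  # ClassName, TopicName, ItemName (length-prefixed)
            (n,) = struct.unpack_from("<I", blob, off)
            off += 4
            names.append(blob[off:off + n].rstrip(b"\x00").decode("latin-1"))
            off += n
        info = {"ole_version": version, "format_id": format_id,
                "class_name": names[0], "native_size": None,
                "native_available": 0, "native_starts_cfb": False}
        if format_id == 2:  # EmbeddedObject: NativeDataSize then NativeData
            (size,) = struct.unpack_from("<I", blob, off)
            off += 4
            native = blob[off:off + size]
            info["native_size"] = size
            info["native_available"] = len(native)
            info["native_starts_cfb"] = native.startswith(CFB_MAGIC)
        return info
    except struct.error:
        return {"parse_error": True}


def scan_rtf(data: bytes) -> List[Dict]:
    """Return one record per \\object group, with triage flags."""
    results = []
    for seg in OBJECT_RE.split(data)[1:]:
        rec: Dict = {"objclass": None, "objupdate": b"\\objupdate" in seg, "flags": []}
        m = OBJCLASS_RE.search(seg)
        if m:
            rec["objclass"] = m.group(1).decode("latin-1")
        m = OBJDATA_RE.search(seg)
        if m:
            hexdata = re.sub(rb"\s+", b"", m.group(1))
            hexdata = hexdata[: len(hexdata) - (len(hexdata) % 2)]  # drop a dangling nibble
            blob = bytes.fromhex(hexdata.decode("ascii"))
            rec["objdata_bytes"] = len(blob)
            rec.update(parse_ole1_header(blob))
        if rec["objupdate"]:
            rec["flags"].append("objupdate")  # object is loaded on open, before any user action
        if rec.get("objclass") and rec.get("class_name") and rec["objclass"] != rec["class_name"]:
            rec["flags"].append("class mismatch")
        if rec.get("native_size") is not None and rec["native_available"] < rec["native_size"]:
            rec["flags"].append("native data truncated")
        if rec.get("parse_error"):
            rec["flags"].append("unparseable objdata")
        results.append(rec)
    return results


def build_sample_rtf(class_name: str, native: bytes, objupdate: bool) -> bytes:
    """Construct a minimal RTF with one embedded object (test fixture, not a real sample)."""
    def lps(s: bytes) -> bytes:  # LengthPrefixedAnsiString
        return struct.pack("<I", len(s)) + s
    header = struct.pack("<II", 0x00000501, 2) + lps(class_name.encode() + b"\x00") + lps(b"") + lps(b"")
    objdata = header + struct.pack("<I", len(native)) + native
    upd = b"\\objupdate" if objupdate else b""
    return (b"{\\rtf1\\ansi{\\object\\objemb" + upd + b"{\\*\\objclass " + class_name.encode()
            + b"}{\\*\\objdata " + objdata.hex().encode() + b"}{\\result{\\pict}}}\\par}")


if __name__ == "__main__":
    # Constructed fixture: an auto-updating embedded object whose payload starts like a CFB file.
    sample = build_sample_rtf("Package", CFB_MAGIC + b"\x00" * 24, objupdate=True)
    for rec in scan_rtf(sample):
        print(rec)
```

Run it against a directory of inbound attachments and review anything with a non-empty `flags` list or a `native_starts_cfb` hit whose `objclass` is not one your users legitimately embed; the script deliberately stops at the OLE header, so the native data itself still goes to a sandbox or a dedicated OLE parser.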

The development is yet another indication that multiple cyberthreat groups believed to be working in support of China's long-term economic interests are continuing to hammer away at networks belonging to governments and organizations, while simultaneously spending a great deal of time refining the tools in their arsenal in order to hide their intrusions.

"All in all, the attackers, who we believe to be a Chinese threat group, were very systematic in their approach."

"The attackers are not only interested in cold data, but also what is happening on a target's personal computer at any moment, resulting in live espionage. Although we were able to block the surveillance operation for the Southeast Asian government described, it's possible that the threat group is using its new cyber espionage weapon on other targets around the world," he added.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jUZ6h9BARRM/experts-uncover-yet-another-chinese.html