German govt warns of APT27 hackers backdooring business networks (Security News, January 2022)
The BfV, Germany's domestic intelligence service, warns of ongoing attacks coordinated by the Chinese-backed APT27 hacking group.
This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojan to backdoor their networks.
"The Federal Office for the Protection of the Constitution has information about an ongoing cyber espionage campaign by the cyber attack group APT27 using the malware variant HYPERBRO against German commercial companies," the BfV said.
The BfV also published indicators of compromise and YARA rules to help targeted German organizations to check for HyperBro infections and connections to APT27 command-and-control servers.
The German intelligence agency says APT27 has been exploiting flaws in Zoho ADSelfService Plus software, an enterprise password management solution for Active Directory and cloud apps, since March 2021.
This aligns with previous reports of Zoho ManageEngine installations being the target of multiple campaigns in 2021, coordinated by nation-state hackers using tactics and tooling similar to those employed by APT27.