Chinese Hackers Target Taiwanese Financial Institutions with a New Stealthy Backdoor (Security News, February 2022)

A Chinese advanced persistent threat group has been targeting Taiwanese financial institutions as part of a "persistent campaign" that lasted for at least 18 months.
The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published last week.
What's notable about this campaign is the amount of time the threat actor lurked on victim networks, affording the operators ample opportunity to conduct detailed reconnaissance and exfiltrate potentially sensitive information pertaining to business contacts and investments without raising any red flags.
In one of the unnamed financial organizations, the attackers spent close to 250 days between December 2020 and August 2021, while a manufacturing entity had its network under their watch for roughly 175 days.
The threat actor used C++-based custom loaders as well as a combination of legitimate off-the-shelf tools such as AnyDesk and living-off-the-land techniques to gain remote access, dump credentials, and execute arbitrary commands.
The findings add to a growing list of China-linked nation-state groups that have targeted Taiwan in recent months, with malicious cyber activities mounted by threat actors tracked as Tropic Trooper and Earth Lusca striking government, healthcare, transportation, and educational institutions in the country.
News URL: https://thehackernews.com/2022/02/chinese-hackers-target-taiwanese.html