Security News > 2022 > February > Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor
A Chinese advanced persistent threat group has been targeting Taiwanese financial institutions as part of a "Persistent campaign" that lasted for at least 18 months.
The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published last week.
What's notable about this campaign is the amount of time the threat actor lurked on victim networks, affording the operators ample opportunity for detailed reconnaissance and exfiltrate potentially sensitive information pertaining to business contacts and investments without raising any red flags.
In one of the unnamed financial organizations, the attackers spent close to 250 days between December 2020 and August 2021, while a manufacturing entity had its network under their watch for roughly 175 days.
The threat actor used C++-based custom loaders as well as a combination of legitimate off-the-shelf tools such as AnyDesk and living-off-the-land techniques to gain remote access, dump credentials, and execute arbitrary commands.
The findings add to a growing list of China-linked nation-state groups that have targeted Taiwan in recent months, what with malicious cyber activities mounted by threat actors tracked as Tropic Trooper and Earth Lusca striking government, healthcare, transportation, and educational institutions in the country.
News URL
https://thehackernews.com/2022/02/chinese-hackers-target-taiwanese.html
Related news
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese hackers linked to cybercrime syndicate arrested in Singapore (source)