Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion
2022-03-26 00:14

A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict.

"The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week.

SentinelOne's analysis follows an advisory from Ukraine's Computer Emergency Response Team earlier this week outlining a spear-phishing campaign that leads to the delivery of a RAR archive file, which comes with an executable that's designed to open a decoy file while stealthily dropping a malicious DLL called HeaderTip in the background.

"If the attackers successfully compromise the victims' computers, then they use a basic backdoor threat called Trojan.Scieron to drop Trojan.Scieron.B onto the computer," Symantec researchers noted at the time.

HeaderTip's connections to Scarab come from malware and infrastructure overlaps with Scieron, with SentinelOne calling the latter a predecessor of the newly discovered backdoor.

"Based on known targets since 2020, including those against Ukraine in March 2022, in addition to specific language use, we assess with moderate confidence that Scarab is Chinese speaking and operating under geopolitical intelligence collection purposes," Hegel said.


News URL

https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html