Security News > 2022 > April > Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers

A Chinese state-backed advanced persistent threat group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "Widening" of the threat actor's targeting.
"Victims in this Cicada campaign include government, legal, religious, and non-governmental organizations in multiple countries around the world, including in Europe, Asia, and North America," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News.
"There is a strong focus on victims in the government and NGO sectors, with some of these organizations working in the areas of religion and education," Brigid O. Gorman, senior information developer at the Symantec Threat Hunter Team, told The Hacker News.
Most of the targeted organizations are located in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy, alongside one victim in Japan, with the adversary spending as long as nine months on the networks of some of these victims.
In March 2021, Kaspersky researchers took the wraps off an intelligence-gathering operation undertaken by the group to deploy information-gathering implants from a number of industry sectors located in Japan.
"The sorts of organizations targeted - nonprofits and government organizations, including those involved in religious and education activity - are most likely to be of interest to the group for espionage purposes. The sort of activity we see on victim machines and past Cicada activity also all point to the motivation behind this campaign being espionage."
News URL
https://thehackernews.com/2022/04/researchers-trace-widespread-espionage.html
Related news
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)