Security News > 2022 > June > Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor

An "Extremely sophisticated" Chinese-speaking advanced persistent threat actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks.

"Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection."

Subsequent attack campaigns have used the malware to target Japanese entities, with isolated infections reported in Austria, Germany, India, Russia, and the U.S. Other tools that are part of the adversary's malware arsenal include PlugX and its successor ShadowPad, both of which have been used by a variety of Chinese threat actors to enable their strategic objectives.

"The only way to explain these seemingly impossible network behaviors is by assuming the existence of a man-on-the-side attacker who is able to intercept all network traffic and even modify it if needed," the company said.

A man-on-the-side attack, similar to a man-in-the-middle attack, enables a rogue interloper to read and inject arbitrary messages into a communications channel, but not modify or delete messages sent by other parties.

"No matter how the attack has been carried out, the only way for potential victims to defend themselves is to remain extremely vigilant and have robust security procedures, such as regular antivirus scans, analysis of outbound network traffic, and extensive logging to detect anomalies."

News URL

https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html