Chinese hackers use new Windows malware to backdoor govt, defense orgs
2022-08-08 13:36

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe.

Kaspersky linked the campaign with a Chinese APT group tracked as TA428, known for its information theft and espionage focus and attacking organizations in Asia and Eastern Europe [1, 2, 3, 4]. The threat actors successfully compromised the networks of dozens of targets, sometimes even taking control of their entire IT infrastructure by hijacking systems used to manage security solutions.

In the following stages of the attack, the group installed additional malware previously linked to TA428, as well as a never-before-seen malware strain named CotSam.

Like the other families used in this campaign, the new backdoor allows the attackers to collect and steal system information and files from compromised systems.

Evidence connecting this campaign to TA428 includes significant overlaps in tactics, techniques, and procedures with the group's previous activity, the same exploit used to deliver the initial malware payload in other attacks against Russian targets, malicious tools commonly used by Chinese threat actors, and dozens of connections to infected systems during Chinese business hours.

The researchers also identified malware and C2 servers previously used in attacks linked by other vendors to this Chinese APT group.


News URL

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-windows-malware-to-backdoor-govt-defense-orgs/