China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs
Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers.
"The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.
Presumably, because these specially crafted attacks included confidential information about the victim org, it was easier for the attackers to trick some employees into opening the email and the Microsoft Word document attached to it.
PortDoor malware is a relatively new backdoor believed to have been developed by Chinese state-sponsored groups. It was also used in a 2021 phishing attack against a Russia-based defense contractor that designs nuclear submarines for the Russian Federation's Navy.
In addition to PortDoor, attackers used six other backdoors to control the infected systems and steal confidential data.
For lateral movement, they used the Ladon hacking tool, which combines network scanning, vulnerability searching, exploitation, password attacks, and other nefarious functionality, we're told.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/09/china_apt_kaspersky/