Security News > 2022 > August > Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers
A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations.
The adversary's consistent targeting of think tanks and humanitarian organizations over the past three years falls in line with the strategic interests of the Chinese government, the report added.
The impersonated domains, which also include legitimate email and storage service providers like Yahoo!, Google, and Microsoft, are subsequently used to target proximate organizations and individuals to facilitate credential theft.
Attack chains start with phishing emails containing PDF files that embed malicious links to redirect users to rogue landing pages that mirror the email login portals for the targeted organizations.
The domains used in the credential-phishing activity have been found hosting generic login pages for popular email providers such as Outlook, alongside emulating other email software such as Zimbra used by these specific organizations.
" , coupled with the identification of likely China-based operators, indicates a likely Chinese state-nexus to RedAlpha activity," the researchers said.
News URL
https://thehackernews.com/2022/08/researchers-link-multi-year-mass.html
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)