Chinese hackers target government agencies and defense orgs

A cyberespionage threat actor tracked as Billbug has been running a campaign targeting a certificate authority, government agencies, and defense organizations in several countries in Asia.
Symantec has not determined how Billbug gains initial access to the target networks, but it has seen evidence of this happening through the exploitation of public-facing apps with known vulnerabilities.
Like in previous campaigns attributed to Billbug, the actor combines tools that are already present on the target system, publicly available utilities, and custom malware.
These tools help hackers blend in with innocuous daily activity, avoid leaving suspicious log traces or raising alarms in security tools, and generally make attribution efforts harder.
A more rarely deployed open-source tool seen in recent Billbug operations is Stowaway, a Go-based multi-level proxy tool that helps pentesters bypass network access restrictions.
Billbug has continued to use the same custom backdoors, with minimal changes, over the past years.