Security News > 2022 > November > Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines
A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector.
The reliance on infected USB drives to propagate the malware is unusual if not new.
The Raspberry Robin worm, which has evolved into an initial access service for follow-on attacks, is known to use USB drives as an entry point.
The threat intelligence and incident response firm said that the attacks led to the deployment of three new malware families dubbed MISTCLOAK, DARKDEW, and BLUEHAZE, alongside Ncat, the latter of which is a command-line networking utility that's used to create a reverse shell on the victim system.
MISTCLOAK, for its part, gets activated when a user plugs in a compromised removable device to a system, acting as a launchpad for an encrypted payload called DARKDEW that's capable of infecting removable drives, effectively proliferating the infections.
"The malware self-replicates by infecting new removable drives that are plugged into a compromised system, allowing the malicious payloads to propagate to additional systems and potentially collect data from air-gapped systems," the researchers explained.
News URL
http://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' (source)
- FBI confirms China-linked cyber espionage involving breached telecom providers (source)