
Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
2023-03-24 09:59

Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control, and data exfiltration.

These messages carry malicious lure archives distributed via Dropbox or Google Drive links. The archives use DLL side-loading, LNK shortcut files, and fake file extensions as arrival vectors to obtain a foothold and drop backdoors such as TONEINS, TONESHELL, PUBLOAD, and MQsTTang.

"The files can then be extracted inside via the password provided in the document," the researchers said.
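The lure archives described above rely on three tricks that a defender can screen for before a user ever extracts them: shortcut (.lnk) files posing as documents, a document extension followed by an executable one (often padded with spaces so the real extension scrolls out of view), and an executable shipped next to a DLL it will side-load. The following Python script is an added example, not code from the original article or from Trend Micro's report; it runs the three checks over a constructed archive listing whose file names are hypothetical. Plain ZIP archives generally expose entry names even when the contents are password-protected, so a listing-based triage like this still works there; archives with encrypted headers give you nothing to inspect until they are opened.

```python
import posixpath
from collections import defaultdict

# Constructed sample archive listing; every name here is hypothetical,
# not taken from the report.
PADDED_NAME = "Report.pdf" + " " * 20 + ".exe"   # spaces hide the real extension
SAMPLE_ARCHIVE_ENTRIES = [
    "Minutes_2023.pdf.lnk",      # shortcut masquerading as a PDF
    "Agenda.docx",               # benign document
    PADDED_NAME,                 # whitespace-padded fake extension
    "photos/IMG_0001.jpg",       # benign image
    "update/viewer.exe",         # executable bundled with a DLL in the same folder
    "update/libcurl.dll",        # candidate for side-loading by viewer.exe
    "notes.txt",
]

# Extension sets used by the heuristics (hypothetical, extend to taste).
EXECUTABLE_SUFFIXES = {"exe", "scr", "com", "pif", "bat", "cmd",
                       "hta", "js", "vbs", "msi", "lnk"}
DOCUMENT_SUFFIXES = {"pdf", "doc", "docx", "xls", "xlsx", "ppt",
                     "pptx", "txt", "jpg", "png", "rtf"}


def suffixes(name):
    """Return the lower-cased extension chain of a name: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = posixpath.basename(name).split(".")
    return [p.strip().lower() for p in parts[1:]] if len(parts) > 1 else []


def entry_findings(name):
    """Per-file checks: padded extension, LNK shortcut, document-then-executable chain."""
    findings = []
    chain = suffixes(name)
    if not chain:
        return findings
    base = posixpath.basename(name)
    stem = base.rsplit(".", 1)[0]
    # Trailing whitespace before the last dot pushes the real extension out of view.
    if stem != stem.rstrip():
        findings.append("padded-extension")
    if chain[-1] == "lnk":
        findings.append("lnk-shortcut")
    # A document-type extension anywhere before a final executable extension.
    if chain[-1] in EXECUTABLE_SUFFIXES and any(s in DOCUMENT_SUFFIXES for s in chain[:-1]):
        findings.append("fake-extension")
    return findings


def archive_findings(entries):
    """Run the per-entry checks plus an archive-level DLL side-loading heuristic.

    Returns a dict mapping entry name (or 'dir/' for directory-level findings)
    to the list of finding labels raised for it.
    """
    report = {}
    suffixes_by_dir = defaultdict(set)
    for name in entries:
        found = entry_findings(name)
        if found:
            report[name] = found
        chain = suffixes(name)
        if chain:
            suffixes_by_dir[posixpath.dirname(name)].add(chain[-1])
    # An .exe and a .dll in the same directory is the classic side-loading layout.
    for directory, exts in suffixes_by_dir.items():
        if "exe" in exts and "dll" in exts:
            report.setdefault(f"{directory or '.'}/", []).append("sideload-candidate")
    return report


if __name__ == "__main__":
    for entry, labels in archive_findings(SAMPLE_ARCHIVE_ENTRIES).items():
        print(f"{entry!r}: {', '.join(labels)}")
```

Run against the constructed listing, the script flags the shortcut, the padded fake extension, and the `update/` directory as a side-loading candidate, while the plain documents and image pass. The side-loading heuristic deliberately fires on any exe-plus-dll pairing rather than on specific DLL names, which keeps it from depending on the particular binaries an actor happens to abuse; tune it with an allow-list if your environment legitimately distributes such bundles.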

Other utilities deployed include CLEXEC, a backdoor capable of executing commands and clearing event logs; COOLCLIENT and TROCLIENT, implants that are designed to record keystrokes as well as read and delete files; and PlugX. "Apart from well-known legitimate tools, the threat actors also crafted highly customized tools used for exfiltration," the researchers noted.

The findings once again highlight the increased operational tempo of Chinese cyber espionage actors and their consistent investment in advancing their cyber weaponry to evade detection.

"Earth Preta is a capable and organized threat actor that is continuously honing its TTPs, strengthening its development capabilities, and building a versatile arsenal of tools and malware," the researchers concluded.


News URL

https://thehackernews.com/2023/03/researchers-uncover-chinese-nation.html