Security News > 2023 > June > Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023.
The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican.
"Flea used a large number of tools in this campaign," the company said in a report shared with The Hacker News, describing the threat actor as "Large and well-resourced." "As well as the new Graphican backdoor, the attackers leveraged a variety of living-off-the-land tools, as well as tools that have been previously linked to Flea.".
Graphican is said to be an evolution of a known Flea backdoor called Ketrican, features from which have since been merged with another implant known as Okrum to spawn a new malware dubbed Ketrum.
"The use of a new backdoor by Flea shows that this group, despite its long years of operation, continues to actively develop new tools," Symantec said.
"The similarities in functionality between Graphican and the known Ketrican backdoor may indicate that the group is not very concerned about having activity attributed to it."
News URL
https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html
Related news
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Hackers Target Middle East Governments with Evasive "CR4T" Backdoor (source)