Undiplomatic Chinese threat actor attacks embassies and foreign affairs departments
Infosec outfit Checkpoint says it's spotted a Chinese actor targeting diplomatic facilities around Europe.
Checkpoint has dubbed the campaign "SmugX" thanks to its use of HTML smuggling to deploy the PlugX remote access trojan.
PlugX phones home using RC4 encryption to mask its output.
Checkpoint recently linked the latter gang's activities to another China-adjacent campaign targeting European interests.
"SmugX is part of a larger trend we're seeing of Chinese threat actors shifting their focus to Europe," according to Checkpoint.
Thankfully the PlugX payload has not changed markedly, meaning detection and defense measures are known quantities.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/04/smugx_europe_china_attack_europe/