Undiplomatic Chinese threat actor attacks embassies and foreign affairs departments

Infosec outfit Check Point says it has spotted a Chinese actor targeting diplomatic facilities around Europe.
Check Point has dubbed the campaign "SmugX" thanks to its use of HTML smuggling to deploy the PlugX remote access trojan.
PlugX phones home using RC4 encryption to mask its output.
Check Point recently linked the latter gang's activities to another China-adjacent campaign targeting European interests.
"SmugX is part of a larger trend we're seeing of Chinese threat actors shifting their focus to Europe," according to Check Point.
Thankfully the PlugX payload has not changed markedly, meaning detection and defense measures are known quantities.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/04/smugx_europe_china_attack_europe/