Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (Security News, July 2023)
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign.
"Patchwork relied on a range of elaborate fictitious personas to socially engineer people into clicking on malicious links and downloading malicious apps," the social media giant said.
"These apps contained relatively basic malicious functionality with the access to user data solely reliant on legitimate app permissions granted by the end user. Notably, Patchwork created a fake review website for chat apps where they listed the top five communication apps, putting their own, attacker-controlled app at the top of the list."
EyeShell, detected alongside BADNEWS, is a .NET-based modular backdoor that establishes contact with a remote command-and-control server and executes its commands to enumerate files and directories, download and upload files to and from the host, execute a specified file, delete files, and capture screenshots.
The findings come as the cybersecurity company also detailed another wave of phishing attacks orchestrated by a group called Bitter aimed at aerospace, military, large enterprises, national government affairs, and universities in the country with a new backdoor known as ORPCBackdoor.
The South Asian threat actor was previously detected targeting the nuclear energy industry in China with malware downloaders delivered via CHM and Microsoft Excel files that are designed to establish persistence and retrieve further payloads.
News URL
https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html