Security News > 2023 > August > China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

Active since 2019, some of the prominent sectors targeted by the prolific actor encompass academia, aerospace, government, media, telecommunications, and research.

A majority of the victims during the period were government organizations.

The group has since been linked to exploitation of Log4Shell flaws as well as attacks aimed at telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and Hong Kong to deploy backdoors for long-term access.

Attack chains mounted by RedHotel have weaponized public-facing applications for initial access, followed by employing a combination of offensive security tools like Cobalt Strike and Brute Ratel C4 and bespoke malware families such as FunnySwitch, ShadowPad, Spyder, and Winnti.

In one late 2022 campaign, RedHotel is said to have leveraged a stolen code signing certificate belonging to a Taiwanese gaming company to sign a DLL file responsible for loading BRc4. The post-exploitation toolkit, for its part, is configured to communicate with abused compromised Vietnamese government infrastructure.

The development comes as the Washington Post reported that Chinese hackers had "Deep, persistent access" to classified defense networks in Japan, prompting the U.S. National Security Agency, which discovered the breach in late 2020, to personally report the matter to government officials.

News URL

https://thehackernews.com/2023/08/china-linked-hackers-strike-worldwide.html