17 Nations Hit in 3-Yr Cyber Campaign

by crpt os


Aug 09, 2023 | THN | Cyber Espionage / Cyber Attacks

Hackers associated with China’s Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023.

Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name RedHotel (previously Threat Activity Group-22 or TAG-22), which overlaps with a cluster of activity broadly monitored as Aquatic Panda, Bronze University, Charcoal Typhoon, Earth Lusca, and Red Scylla (or Red Dev 10).

Active since 2019, the prolific actor has targeted sectors including academia, aerospace, government, media, telecommunications, and research. A majority of the victims during the period were government organizations.

“RedHotel has a dual mission of intelligence gathering and economic espionage,” the cybersecurity company said, calling out its persistence, operational intensity, and global reach. “It targets both government entities for traditional intelligence and organizations involved in COVID-19 research and technology R&D.”


Trend Micro, in early January 2022, described the adversary as a “highly-skilled and dangerous threat actor mainly motivated by cyberespionage and financial gain.”


The group has since been linked to exploitation of Log4Shell flaws as well as attacks aimed at telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and Hong Kong to deploy backdoors for long-term access.

Attack chains mounted by RedHotel have weaponized public-facing applications for initial access, followed by employing a combination of offensive security tools like Cobalt Strike and Brute Ratel C4 (BRc4) and bespoke malware families such as FunnySwitch, ShadowPad, Spyder, and Winnti.


A noteworthy aspect of the actor's modus operandi is the use of a multi-tiered infrastructure, with separate tiers for initial reconnaissance and for long-term network access via command-and-control servers. It predominantly uses NameCheap for domain registration.

In one late 2022 campaign, RedHotel is said to have leveraged a stolen code signing certificate belonging to a Taiwanese gaming company to sign a DLL file responsible for loading BRc4. The post-exploitation toolkit, for its part, was configured to communicate with compromised Vietnamese government infrastructure.


“RedHotel has exemplified a relentless scope and scale of wider PRC state-sponsored cyber-espionage activity by maintaining a high operational tempo and targeting public and private sector organizations globally,” Recorded Future said.

The development comes as the Washington Post reported that Chinese hackers had “deep, persistent access” to classified defense networks in Japan, prompting the U.S. National Security Agency (NSA), which discovered the breach in late 2020, to personally report the matter to government officials.
