Home Security Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

by


Sep 05, 2024Ravie LakshmananMalware / Human Rights

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.

“Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them,” Kaspersky security researcher Sherif Magdy said.

The Russian cybersecurity vendor said it detected the activity in June 2024 upon discovering a new version of the China Chopper web Shell, a tool shared by many Chinese-speaking threat actors for remote access to compromised servers, on a public web server hosting an open-source content management system (CMS) called Umbraco.

Cybersecurity

The attack chain is designed to deliver a malware implant named Crowdoor, a variant of the SparrowDoor backdoor documented by ESET back in September 2021. The efforts were ultimately unsuccessful.

Tropic Trooper, also known by the names APT23, Earth Centaur, KeyBoy, and Pirate Panda, is known for its targeting of government, healthcare, transportation, and high-tech industries in Taiwan, Hong Kong, and the Philippines. The Chinese-speaking collective has been assessed to be active since 2011, sharing close ties with another intrusion set tracked as FamousSparrow.

The latest intrusion highlighted by Kaspersky is significant for compiling the China Chopper web shell as a .NET module of Umbraco CMS, with follow-on exploitation leading to the deployment of tools for network scanning, lateral movement, and defense evasion, before launching Crowdoor using DLL side-loading techniques.

Chinese-Speaking Hacker Group

It’s suspected that the web shells are delivered by exploiting known security vulnerabilities in publicly accessible web applications, such as Adobe ColdFusion (CVE-2023-26360) and Microsoft Exchange Server (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207).

Crowdoor, first observed in June 2023, also functions as a loader to drop Cobalt Strike and maintain persistence on the infected hosts, while also acting as a backdoor to harvest sensitive information, launch a reverse shell, erase other malware files, and terminate itself.

Cybersecurity

“When the actor became aware that their backdoors were detected, they tried to upload newer samples to evade detection, thereby increasing the risk of their new set of samples being detected in the near future,” Magdy noted.

“The significance of this intrusion lies in the sighting of a Chinese-speaking actor targeting a content management platform that published studies on human rights in the Middle East, specifically focusing on the situation around the Israel-Hamas conflict.”

“Our analysis of this intrusion revealed that this entire system was the sole target during the attack, indicating a deliberate focus on this specific content.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex