Chinese hackers target European embassies with HTML smuggling technique

Chinese cyber spies have been targeting the foreign affairs ministries and embassies of European states in recent months, according to new research.

The espionage campaign “represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy,” researchers from Check Point said Monday.

The hackers were spotted using a new delivery method to deploy the modular PlugX malware implant, effectively smuggling it inside HTML documents, something which Check Point warned had “until recently helped the campaign fly under the radar.”

Samples of lures posted to the VirusTotal malware repository had filenames that “strongly suggest that the intended victims were diplomats and government entities,” according to Check Point, while the lure material itself “contained diplomatic-related content,” which “in more than one case … was directly related to China.” These lures included a letter allegedly originating from the Serbian Embassy in Budapest, a document stating the priorities of the Swedish presidency of the Council of the European Union, and an article about two Chinese human rights lawyers sentenced to more than a decade in prison.

HTML smuggling is a hacking technique that has been used in various forms for years, exploiting HTML features to conceal data and files from automated content filters by including them as JavaScript blobs that get reassembled on the target’s machine.

The PlugX malware itself remained a recognizable variant of the tool, which has previously been used by multiple suspected Chinese threat groups, including to target the Vatican in 2020, an Indonesian intelligence service in 2021 and Ukraine in 2022. Palo Alto Networks released a lengthy report on the malware in 2021. PlugX has also been discovered on USB drives being used to target people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria.

Check Point said it was tracking the campaign as SmugX and said it “overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda.”

“While none of the techniques observed in this campaign is new or unique, the combination of the different tactics, and the variety of infection chains resulting in low detection rates, enabled the threat actors to stay under the radar for quite a while,” warned Check Point.

Taipei, Taiwan – A hacking group suspected of acting on behalf of the Chinese government has carried out a multi-year espionage campaign against numerous governments, NGOs, think-tanks and news agencies, according to a new report.

The group, known as RedAlpha, has specialised in stealing login details from individuals in organisations considered to be of strategic interest to Beijing, according to the report released by cybersecurity firm Recorded Future.

Those targeted for “credential-phishing” since 2019 include the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan, Taiwan’s ruling Democratic Progressive Party (DPP), and India’s National Informatics Centre, according to Recorded Future.

RedAlpha targeted the organisations with emails containing PDFs that, once clicked, would lead to a fake portal page used to collect their login credentials, the Massachusetts-based cybersecurity firm said.

Recorded Future said RedAlpha likely targeted Taiwan-based organisations and human rights groups to gather intelligence on the self-governing democracy and ethnic and religious minority groups, respectively.
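The HTML smuggling passage above describes a file carried inside the page as a JavaScript blob and reassembled in the browser. The scanner below is an added example, not part of the original reporting or of Check Point's tooling: it flags HTML files showing that pattern by counting the script-side markers (atob, Blob, createObjectURL, a scripted download attribute) and checking any long embedded base64 string for a file signature. Both sample pages are constructed, with a zero-padded ZIP header standing in for a payload.

```python
import re
import base64
from dataclasses import dataclass, field

# Script-side markers typical of HTML smuggling: the payload is embedded as
# text and rebuilt client-side, so nothing is fetched from a remote server.
INDICATORS = {
    "atob(": "base64 decode of embedded data",
    "new Blob(": "Blob built in the browser",
    "URL.createObjectURL(": "object URL created for a Blob",
    "msSaveOrOpenBlob": "legacy save-blob API",
    ".download": "download attribute set from script",
}
# File signatures worth flagging when they appear inside an embedded blob.
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive", b"%PDF": "PDF"}
MIN_BLOB = 200  # quoted base64 runs this long are rare in ordinary pages
_B64 = re.compile(r"""['"]([A-Za-z0-9+/]{%d,}={0,2})['"]""" % MIN_BLOB)

@dataclass
class Finding:
    hits: list = field(default_factory=list)   # matched indicator descriptions
    blobs: list = field(default_factory=list)  # (base64 length, detected type)

    @property
    def suspicious(self) -> bool:
        # Two or more smuggling markers plus a typed blob is a strong signal.
        return len(self.hits) >= 2 and any(t for _, t in self.blobs)

def scan_html(html: str) -> Finding:
    f = Finding()
    for token, why in INDICATORS.items():
        if token in html:
            f.hits.append(why)
    for m in _B64.finditer(html):
        raw = m.group(1)
        try:  # pad to a multiple of 4 and decode strictly
            data = base64.b64decode(raw + "=" * (-len(raw) % 4), validate=True)
        except ValueError:
            continue
        kind = next((n for sig, n in MAGIC.items() if data.startswith(sig)), None)
        f.blobs.append((len(raw), kind))
    return f

# Constructed samples (not real lures): a ZIP header padded to look like a payload.
_FAKE = base64.b64encode(b"PK\x03\x04" + b"\x00" * 200).decode()
SMUGGLING_PAGE = f"""<html><body><script>
var blob = new Blob([atob("{_FAKE}")], {{type: "octet/stream"}});
var a = document.createElement("a"); a.href = URL.createObjectURL(blob);
a.download = "document.zip"; a.click();
</script></body></html>"""
BENIGN_PAGE = '<html><body><a href="/files/report.pdf" download>Report</a></body></html>'
```

Running `scan_html` over a mail-gateway quarantine of `.html` attachments and alerting on `suspicious` findings catches the reassembly pattern regardless of which payload the blob carries.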