New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous Royal Road Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed PortDoor, according to Cybereason's Nocturnus threat intelligence team. "PortDoor has multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation, static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more," the researchers said in a write-up on Friday. ....
By Ionut Arghire on April 29, 2021

A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday. Linked to the Chinese People's Liberation Army (PLA) over half a decade ago, the advanced persistent threat (APT) was revealed last year to have conducted a five-year stealth campaign against targets in Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei. The group has been known to focus on government and military organizations. Although reports on Naikon's activity were so far published only in 2015 and 2020, the persistent APT has been quietly operational for at least a decade, making changes to its infrastructure and toolset to ensure it can stay under the radar. ....
Hackers caught targeting Vietnam government portals

By Luu Quy, April 10, 2021 | 11:49 am GMT+7

The National Cyber Security Center said it has discovered and foiled a number of attempted cyberattacks on Vietnamese government portals by the China-linked Cycldek hacker group. It said the advanced persistent threat (APT) hacker group is also known as Goblin Panda, Hellsing, APT27, and 1937CN. The Department of Information Security joined hands with Internet service providers to block multiple attacks in March after receiving information from the center that Cycldek was trying to penetrate computer systems in Vietnam, Thailand and Central Asian countries. After identifying the evasion techniques the hacker group used, the NCSC contacted eight Internet service providers in Vietnam and told them to block all the IPs and domains it sent in a list to prevent cyberattacks. ....
Hackers From China Target Vietnamese Military and Government

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed FoundCore. ....
Researchers said the FoundCore malware represents a big step forward when it comes to evasion.

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT) known as Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes), according to Kaspersky researchers, who added that the group has been active since at least 2013. The malware used in the campaign, dubbed FoundCore, allows attackers to conduct filesystem manipulation, process manipulation, screenshot captures and arbitrary command execution. ....