• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • Dell OptiPlex 7010 RGB Desktop Quad Core Intel i5 (3.2GHz) 8GB DDR3 RAM 250GB SSD Windows 10 Pro (Refurbished) for $162

    Dell OptiPlex 7010 RGB Desktop Quad Core Intel i5 (3.2GHz) 8GB DDR3 RAM 250GB SSD Windows 10 Pro (Refurbished) for $162
  • Dell OptiPlex 5040 (RGB) Desktop Quad Core Intel i5 (3.2GHz) 16GB DDR3 RAM 500GB SSD Windows 10 Pro (Refurbished) for $249

    Dell OptiPlex 5040 (RGB) Desktop Quad Core Intel i5 (3.2GHz) 16GB DDR3 RAM 500GB SSD Windows 10 Pro (Refurbished) for $249
  • Zerrio: The Ultimate All-In-One Business Management Toolkit (Lifetime Subscription) for $59

    Zerrio: The Ultimate All-In-One Business Management Toolkit (Lifetime Subscription) for $59
  • DNS FireWall: Lifetime Subscription for $59

    DNS FireWall: Lifetime Subscription for $59
  • KeepSolid SmartDNS: Lifetime Subscription for $59

    KeepSolid SmartDNS: Lifetime Subscription for $59
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

China’s Cyberspies Targeting Southeast Asian Government Entities

Jul 15, 2021 by iHash Leave a Comment

A sweeping and “highly active campaign” that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research.

Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as “LuminousMoth,” which it connected with medium to high confidence to a Chinese state-sponsored hacking group called HoneyMyte or Mustang Panda, given its observed victimology, tactics, and procedures.

About 100 affected victims have been identified in Myanmar, while the number of victims jumped to nearly 1,400 in the Philippines, although the researchers noted that the actual targets were only a fraction of the initial numbers, including government entities located both within the two countries and abroad.

Stack Overflow Teams

The goal of the attacks is to affect a wide perimeter of targets with the aim of hitting a select few that are of strategic interest, researchers Mark Lechtik, Paul Rascagneres, and Aseel Kayal said. Put differently, the intrusions are simultaneously wide-ranging and narrow-focused, enabling the threat acor to siphon intelligence from high-profile targets.

The infection vector used in the campaign involves sending a spear-phishing email to the victim containing a Dropbox download link that, when clicked, leads to a RAR archive that’s designed to mimic a Word document. The archive file, for its part, comes with two malicious DLL libraries (“version.dll” and “wwlib.dll”) and two corresponding executable files that run the malware.

Upon successfully gaining a foothold, an alternative infection chain observed by Kaspersky leverages removable USB drives to propagate the malware to other hosts with the help of “version.dll”. On the other hand, the purpose of “wwlib.dll” is to download a Cobalt Strike beacon on the compromised Windows system from a remote attacker-controlled domain.

In some instances, the attacks incorporated an extra step wherein the threat actor deployed a post-exploitation tool in the form of a signed-but-rogue version of Zoom video conferencing app, using it to hoover sensitive files to a command-and-control server. A valid digital certificate was used to sign the software in an effort to pass off the tool as benign. Also spotted on some infected machines was a second post-exploitation utility that steals cookies from Google Chrome browser.

Enterprise Password Management

LuminousMoth’s malicious cyber operations and its possible ties to Mustang Panda APT may also be an attempt to shift tactics and update their defensive measures by re-tooling and developing new and unknown malware implants, Kaspersky noted, thus potentially obscuring any ties to their past activities and blurring their attribution to known groups.

“APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims’ identities or environment,” Kaspersky researchers said.

“It’s not often we observe a large-scale attack conducted by actors fitting this profile, usually due to such attacks being noisy, and thus putting the underlying operation at risk of being compromised by security products or researchers.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: Asian, Chinas, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, Cyberspies, data breach, Entities, Government, hacker news, hacking news, how to hack, information security, network security, ransomware malware, software vulnerability, Southeast, Targeting, the hacker news

Special Offers

  • Dell OptiPlex 7010 RGB Desktop Quad Core Intel i5 (3.2GHz) 8GB DDR3 RAM 250GB SSD Windows 10 Pro (Refurbished) for $162

    Dell OptiPlex 7010 RGB Desktop Quad Core Intel i5 (3.2GHz) 8GB DDR3 RAM 250GB SSD Windows 10 Pro (Refurbished) for $162
  • Dell OptiPlex 5040 (RGB) Desktop Quad Core Intel i5 (3.2GHz) 16GB DDR3 RAM 500GB SSD Windows 10 Pro (Refurbished) for $249

    Dell OptiPlex 5040 (RGB) Desktop Quad Core Intel i5 (3.2GHz) 16GB DDR3 RAM 500GB SSD Windows 10 Pro (Refurbished) for $249
  • Zerrio: The Ultimate All-In-One Business Management Toolkit (Lifetime Subscription) for $59

    Zerrio: The Ultimate All-In-One Business Management Toolkit (Lifetime Subscription) for $59
  • DNS FireWall: Lifetime Subscription for $59

    DNS FireWall: Lifetime Subscription for $59
  • KeepSolid SmartDNS: Lifetime Subscription for $59

    KeepSolid SmartDNS: Lifetime Subscription for $59

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Dell OptiPlex 5040 (RGB) Desktop Quad Core Intel i5 (3.2GHz) 16GB DDR3 RAM 500GB SSD Windows 10 Pro (Refurbished) for $249

Jun 6, 2023 By iHash

The Importance of Data Quality in Benefits

Jun 6, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video web applications

Latest

Dell OptiPlex 7010 RGB Desktop Quad Core Intel i5 (3.2GHz) 8GB DDR3 RAM 250GB SSD Windows 10 Pro (Refurbished) for $162

Expires January 20, 2123 00:37 PST Buy now and get 62% off KEY FEATURES A reliable desktop for both home and office use. Dell OptiPlex 7010 Desktop is powered by an Intel Quad-Core i5-3450 processor running at 3.2GHz making it perfect for built for professional-grade multitasking, high-speed web browsing, multimedia applications like streaming, or even […]

Apple announces winners of the 2023 Apple Design Awards

June 5, 2023 UPDATE Apple announces winners of the 2023 Apple Design Awards At WWDC23, winners are recognized for excellence in innovation, ingenuity, and technical achievement in app and game design Today, Apple proudly unveiled the winners of its annual Apple Design Awards, celebrating 12 best-in-class apps and games. This year’s winners, spanning development teams around […]

Zerrio: The Ultimate All-In-One Business Management Toolkit (Lifetime Subscription) for $59

Expires June 06, 2123 23:59 PST Buy now and get 93% off KEY FEATURES Zerrio is more than just a business management tool — it’s a partner that supports your success every step of the way! With over 60+ business tools, Zerrio is your one-stop business management hub. For one low monthly fee, you can […]

Dotan Horovits

From Spotify to Open Source: The Backstory of Backstage

Technology juggernauts–despite their larger staffs and budgets–still face the “cognitive load” for DevOps that many organizations deal with day-to-day. That’s what led Spotify to build Backstage, which supports DevOps and platform engineering practices for the creation of developer portals. Eventually, Spotify made the decision to open source Backstage and donate it to the Cloud Native […]

Passwarden PW Manager Lifetime Subscription for $79

Expires June 04, 2024 23:59 PST Buy now and get 60% off KEY FEATURES Safe password manager for those who value security! Passwarden is a secure password manager that simplifies and strengthens your digital life by securely storing and managing all your passwords in one place. It utilizes strong AES-256 encryption algorithms to protect your […]

Heard on the Street – 6/5/2023

Welcome to insideBIGDATA’s “Heard on the Street” round-up column! In this regular feature, we highlight thought-leadership commentaries from members of the big data ecosystem. Each edition covers the trends of the day with compelling perspectives that can provide important insights to give you a competitive advantage in the marketplace. We invite submissions with a focus […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT