08-06-2021 , 03:31 AM
https://news.softpedia.com/news/chinese-...3675.shtml
Chinese Hackers Targeting Russian Federal Agencies
Another aggressive hacking spree was initiated by state-backed Chinese cybercriminals using new and innovative malware
Aug 5, 2021 13:28 GMT · By George Dascalu ·
Chinese state-sponsored hackers ran a large-scale campaign against Russian federal agencies last year using malware called Webdav-O, The Hacker News reports. Group-IB found that Webdav-O is closely related to the BlueTraveller trojan, which has been used in espionage campaigns and is linked to a Chinese state-backed group tracked as TaskMasters.
The report builds on earlier public disclosures: Solar JSOC provided details about a related tool, Mail-O, and SentinelOne pointed to the PhantomNet malware used by the threat actor TA428. According to Solar JSOC, the attackers' ultimate goal was to fully compromise the IT infrastructure and steal confidential information, including documents held in closed network segments and correspondence exchanged among senior government officials.
The group's usual targets are government entities, military contractors, and academic institutions. In this campaign the attackers combined malware that security tools did not detect, legitimate utilities, and a detailed understanding of how information-protection tools are deployed in government agencies to remain hidden.
According to Dimitry Kupin and Anastasia Tikhonova from Group-IB, "Chinese APTs are one of the most numerous and aggressive hacker communities." They go on to say that the primary goal of Chinese state-backed hackers is to gather information while remaining undetected for as long as possible.
The similarities between the two in a nutshell
Group-IB based its findings on a Webdav-O sample uploaded to VirusTotal in November 2019. The researchers found that it overlaps with the sample analyzed by Solar JSOC this month, the latter being a newer, enhanced version with additional features. Based on similarities in the code and in the way commands are handled, Webdav-O is related to the BlueTraveller trojan.
Furthermore, a look at TA428's toolset reveals several parallels to another malware strain, Albaniiutas, that was attributed to the group in December 2020. This suggests that Albaniiutas may be another updated version of BlueTraveller, and that Webdav-O is a slightly modified variant of the same codebase.
It is still unclear whether TaskMasters and TA428 both attacked Russian federal agencies in 2020, or whether they are parts of a larger state-sponsored hacking group.