Chinese-linked hacking group using Windows backdoors to go after gambling industry targets

A nation-state actor that has links with Chinese hackers is exploiting two new backdoors to run a cyber-espionage campaign against gambling entities in Southeast Asia, according to Trend Micro research. The new activity, which is also reportedly occurring in Europe and the Middle East, was first unearthed last year when cybersecurity consultancy Talent-Jump Technologies found a Microsoft Windows backdoor and contacted Trend Micro while conducting incident response for a company based in the Philippines. Upon further investigation, it wasn’t immediately clear if the group itself, which Trend Micro has dubbed “DRBControl,” is a newcomer, according to Trend Micro researchers Daniel Lunghi, Cedric Pernet, Kenney Lu, and Jamz Yaneza. Based on DRBControl’s techniques and malware, there are some connections with Chinese-linked APT 27. That threat group is known for its targeting in the aerospace, government, defense, technology, and energy industries. DRBControl may also be tied to Winnti group, according to Trend Micro’s […]

The post Chinese-linked hacking group using Windows backdoors to go after gambling industry targets appeared first on CyberScoop.


Latest Luckymouse Trojan Set Against Government Institutions

Security experts report that the LuckyMouse hacking group has devised a new malicious threat which uses a highly advanced infiltration behavior pattern. This new LuckyMouse Trojan has the capability to infect high-profile networks and is considered a c…

This Chinese hacking group pwned a bunch of Mongolian government sites

A Chinese hacking group broke into a national data center in Mongolia late last year in an expansive cyber-espionage campaign that allowed the attackers to quietly plant malware into government websites, according to a new research report by Kaspersky Lab and supplemental analysis provided to CyberScoop. According to Kaspersky’s latest research, a known Chinese hacking group used watering-hole-style attacks and spear-phishing emails to breach specific employees of the Mongolian data center. After gaining individual access, they leveraged those accounts to gain additional control over the facility’s infrastructure. The episode began around October 2017. It was discovered by Kaspersky in March 2018. The Chinese-speaking group that’s responsible is widely linked to Beijing. It’s tracked by the cybersecurity community under different names, including APT27, EmissaryPanda, IronPanda and LuckyMouse. They’ve also been known to target U.S. defense contractors. The Kaspersky report does not list Mongolia as the victim, but instead […]

The post This Chinese hacking group pwned a bunch of Mongolian government sites appeared first on CyberScoop.