Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs

The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.

Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company

Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation’s strategic assets. Data left behind in the attack, such as a configuration file and domain name, point to the involvement of a group known as Winnti, Taiwan’s Ministry of Justice said in a statement Friday. Winnti is a broad collection of hackers that cybersecurity researchers have linked with the Chinese government. Cybersecurity analysts say Beijing’s hackers have long conducted operations against Taiwanese targets to gather intelligence. But an attempt to extort Taiwanese company CPC Corp., which is responsible for delivering oil products throughout Taiwan, would be a much more brazen move. Although the attack didn’t affect the CPC’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas. CyberScoop could not independently confirm that Winnti was involved in the attack. The Chinese Embassy in Washington, […]

The post Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company appeared first on CyberScoop.

A discovered malware sample uses code from the NSA and a Chinese hacking group

Good hackers steal, great hackers borrow. According to new research from ESET, a code obfuscation tool that has been linked to China-based hackers has been used in tandem with an implant attributed to Equation Group, a hacking faction broadly believed to have ties to the National Security Agency. ESET says the obfuscation tool is linked with the Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers. It is unclear whether the sample was used in a malicious campaign or is the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to the malware-sharing repository VirusTotal in 2017, according to Léveillé. The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented. ESET published its findings […]

The post A discovered malware sample uses code from the NSA and a Chinese hacking group appeared first on CyberScoop.

Who is World Wired Labs and why are they selling an Android trojan?

A company advertising a remote access tool frequently used by criminals and nation-state hackers may be serving as a front for a Chinese hacking group, according to new research published Tuesday by BlackBerry Cylance. In a lengthy report on remote access trojans (RATs), BlackBerry Cylance researchers detail an Android malware variant, which they call PWNDROID4, that can be used to monitor targets’ phone calls, record audio, send and receive text messages, and track victims’ GPS location. Researchers believe it has been used by suspected Chinese government-linked hackers known as the Winnti group. In the report, researchers pieced together that PWNDROID4 is remarkably similar to the Android version of a RAT known as NetWire, which has been around since 2017. BlackBerry Chief Product Architect Eric Cornelius told CyberScoop that researchers traced NetWire, a multi-platform RAT that has been in use since at least 2012, back to a firm known as World Wired […]

The post Who is World Wired Labs and why are they selling an Android trojan? appeared first on CyberScoop.

Chinese-linked hacking group using Windows backdoors to go after gambling industry targets

A nation-state actor with links to Chinese hackers is exploiting two new backdoors to run a cyber-espionage campaign against gambling entities in Southeast Asia, according to Trend Micro research. The new activity, which is also reportedly occurring in Europe and the Middle East, was first unearthed last year when cybersecurity consultancy Talent-Jump Technologies found a Microsoft Windows backdoor while conducting incident response for a company based in the Philippines and contacted Trend Micro. Even after further investigation, it was not clear whether the group itself, which Trend Micro has dubbed “DRBControl,” is a newcomer, according to Trend Micro researchers Daniel Lunghi, Cedric Pernet, Kenney Lu, and Jamz Yaneza. Based on DRBControl’s techniques and malware, there are some connections with the Chinese-linked APT 27. That threat group is known for targeting the aerospace, government, defense, technology, and energy industries. DRBControl may also be tied to the Winnti group, according to Trend Micro’s […]

The post Chinese-linked hacking group using Windows backdoors to go after gambling industry targets appeared first on CyberScoop.

Bayer Reveals Its Detection and Containment of Digital Attack

German multinational pharmaceutical and life sciences company Bayer AG has revealed that it detected and contained a digital attack. As reported by Reuters, Bayer discovered the installation of malicious software on its systems in early 2018. It then q…