
Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

September 26, 2022

A China-aligned advanced persistent threat actor tracked as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities.

Targets primarily consisted of organizations associated with the Tibetan community, including entities connected with the Tibetan government-in-exile.

The intrusions involved the exploitation of CVE-2022-1040 and CVE-2022-30190 (aka "Follina"), two remote code execution vulnerabilities in Sophos Firewall and Microsoft Office, respectively.


"This willingness to rapidly incorporate new techniques and methods of initial access contrasts with the group's ongoing use of well-known and reported capabilities, such as the Royal Road RTF weaponizer, and frequently lax infrastructure procurement tendencies," Recorded Future said in a new technical analysis.

TA413, also known as LuckyCat, has been linked to relentless targeting of organizations and individuals affiliated with the Tibetan community at least since 2020, using malware such as ExileRAT, Sepulcher, and a malicious Mozilla Firefox browser extension dubbed FriarFox.


The group's exploitation of the Follina flaw was previously highlighted by Proofpoint in June 2022, although the ultimate end goal of the infection chains remained unclear at the time.

Also put to use in a spear-phishing attack discovered in May 2022 was a malicious RTF document that exploited flaws in Microsoft Equation Editor to drop the custom LOWZERO implant. This was achieved using the Royal Road RTF weaponizer tool, which is widely shared among Chinese threat actors.


In a separate phishing email sent to a Tibetan target in late May, a Microsoft Word attachment hosted on the Google Firebase service attempted to leverage the Follina vulnerability to execute a PowerShell command designed to download the backdoor from a remote server.

LOWZERO, the backdoor, is capable of retrieving additional modules from its command-and-control (C2) server, but only on the condition that the compromised machine is deemed to be of interest to the threat actor.

"The group continues to incorporate new capabilities while also relying on tried-and-tested [tactics, techniques, and procedures]," the cybersecurity firm said.

“TA413’s adoption of both zero-day and recently published vulnerabilities is indicative of wider trends with Chinese cyber-espionage groups whereby exploits regularly appear in use by multiple distinct Chinese activity groups prior to their widespread public availability.”



Some pieces of this post are sourced from:
thehackernews.com
