
The Cyber Security News


Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

September 26, 2023

A “multi-year” Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations.

Recorded Future’s Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to “Chinese navy intelligence and poses a sizeable risk to educational, aerospace and protection, government, military, and political entities in South Korea, Japan, and Russia.”

The cybersecurity firm characterized the targeting of South Korean academic institutions as in alignment with China’s broader efforts to conduct intellectual property theft and expand its influence, not to mention motivated by the country’s strategic relations with the U.S.

Social engineering attacks mounted by the adversary make use of Microsoft Compiled HTML Help (CHM) file lures to drop a custom variant of an open-source Visual Basic Script backdoor named ReVBShell, which subsequently serves to deploy the Bisonal remote access trojan.

ReVBShell is configured to sleep for a specified interval, which can be changed through a command issued from a remote server. It also uses Base64 encoding to mask the command-and-control (C2) traffic.

The use of ReVBShell has been tied to two other China-nexus clusters known as Tick and Tonto Team, with the latter attributed to an identical infection sequence by the AhnLab Security Emergency Response Center (ASEC) in April 2023.

Bisonal is a multi-functional trojan that can harvest system and file information, execute commands and files, terminate processes, download and upload files, and delete arbitrary files on disk.

TAG-74 is said to be closely related to Tick, once again highlighting the widespread tool sharing among Chinese threat groups.

“The observed TAG-74 campaign is indicative of the group’s long-term intelligence collection aims against South Korean targets,” Recorded Future said.

“Given the group’s persistent emphasis on South Korean organizations over many years and the likely operational purview of the Northern Theater Command, the group is most likely to continue to be highly active in conducting long-term intelligence-gathering on strategic targets within South Korea as well as in Japan and Russia.”

Some parts of this article are sourced from:
thehackernews.com
