A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX.
Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world.
“PlugX is modular malware that contacts a command and control (C2) server for tasking and can obtain additional plugins to improve its functionality past basic details collecting,” Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News.

Bronze President is a China-based threat actor active since at least July 2018 and is believed likely to be a state-sponsored group that leverages a mix of proprietary and publicly available tools to compromise and collect data from its targets.
It is also publicly documented under other names such as HoneyMyte, Mustang Panda, Red Lich, and Temp.Hex. One of its primary tools of choice is PlugX, a remote access trojan that has been widely shared among Chinese adversarial collectives.
Earlier this year, the group was observed targeting Russian government officials with an updated version of the PlugX backdoor called Hodur, alongside entities located in Asia, the European Union, and the U.S.
Secureworks' attribution of the latest campaign to Bronze President stems from the use of PlugX and politically-themed lure documents that align with regions that are of strategic importance to China.
Attack chains distribute RAR archive files that contain a Windows shortcut (.LNK) file masquerading as a PDF document, opening which executes a legitimate file present in a nested hidden folder embedded in the archive.
This then paves the way for dropping a decoy document, while the PlugX payload sets up persistence on the infected host.
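For defenders, the archive layout described above can be checked at a mail or web gateway before anything is opened. The following is an added example, not code from Secureworks or the original article: it triages an archive listing that is assumed to have been extracted already as (path, Windows attribute) pairs, and the function name, extension sets and sample listing are constructed for illustration.

```python
from pathlib import PureWindowsPath

FILE_ATTRIBUTE_HIDDEN = 0x02      # Windows attribute bit
FILE_ATTRIBUTE_DIRECTORY = 0x10   # Windows attribute bit
DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf"}   # assumed lure extensions
EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}   # assumed executable extensions


def triage_listing(entries):
    """entries: (path, windows_attrs) pairs from an archive listing.
    Returns (path, reason) findings in listing order."""
    entries = list(entries)
    hidden_dirs = [PureWindowsPath(p) for p, a in entries
                   if a & FILE_ATTRIBUTE_DIRECTORY and a & FILE_ATTRIBUTE_HIDDEN]
    findings = []
    for path, attrs in entries:
        if attrs & FILE_ATTRIBUTE_DIRECTORY:
            continue
        p = PureWindowsPath(path)
        exts = [s.lower() for s in p.suffixes]
        last = exts[-1] if exts else ""
        if last == ".lnk":
            # Explorer never shows ".lnk", so "x.pdf.lnk" is displayed as "x.pdf".
            if len(exts) >= 2 and exts[-2] in DOC_EXTS:
                findings.append((path, "shortcut-named-like-document"))
            else:
                findings.append((path, "shortcut-in-archive"))
        # A file counts as hidden if it, or any folder above it, has the bit set.
        in_hidden = bool(attrs & FILE_ATTRIBUTE_HIDDEN) or any(
            h in p.parents for h in hidden_dirs)
        if last in EXEC_EXTS and in_hidden:
            findings.append((path, "executable-in-hidden-folder"))
    return findings


# Constructed sample listing (not taken from a real sample).
SAMPLE = [
    ("Briefing note.pdf.lnk", 0x20),
    ("res", 0x12),                       # directory + hidden
    ("res\\a\\b\\viewer.exe", 0x20),
    ("res\\a\\b\\notes.txt", 0x20),
    ("readme.txt", 0x20),
]

if __name__ == "__main__":
    for path, reason in triage_listing(SAMPLE):
        print(f"{reason}: {path}")
```

A shortcut can also imitate a PDF through its icon alone, so the weaker "shortcut-in-archive" finding is still worth reviewing when it appears next to an executable in a hidden folder.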
“BRONZE PRESIDENT has demonstrated an ability to pivot quickly for new intelligence collection chances,” the researchers reported. “Corporations in geographic areas of interest to China ought to carefully keep an eye on this group’s pursuits, especially companies linked with or functioning as government businesses.”
Some parts of this article are sourced from:
thehackernews.com