
The Cyber Security News

Chinese “Override Panda” Hackers Resurface With New Espionage Attacks

May 2, 2022


A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack aimed at stealing sensitive information.

“The Chinese APT made use of a spear-phishing email to provide a beacon of a Red Staff framework known as ‘Viper,'” Cluster25 said in a report published last week.


“The goal of this attack is now unidentified but with higher chance, specified the former history of the attack perpetrated by the team, it may well be a government establishment from a South Asian place.”

Override Panda, also called Naikon, Hellsing, and Bronze Geneva, has been known to operate on behalf of Chinese interests since at least 2005, conducting intelligence-gathering operations targeting ASEAN countries.

Attack chains unleashed by the threat actor have involved decoy documents attached to spear-phishing emails, designed to entice the intended victims into opening them and compromising themselves with malware.


Last April, the group was linked to a wide-ranging cyberespionage campaign directed against military organizations in Southeast Asia. Then in August 2021, Naikon was implicated in cyberattacks targeting the telecom sector in the region in late 2020.

The latest campaign spotted by Cluster25 is no different in that it leverages a weaponized Microsoft Office document to kick-start the infection kill chain, which includes a loader designed to launch shellcode that, in turn, injects a beacon for the Viper red team tool.


Available for download from GitHub, Viper is described as a “graphical intranet penetration device, which modularizes and weaponizes the practices and technologies usually used in the approach of Intranet penetration.”

The framework, similar to Cobalt Strike, is said to feature more than 80 modules to facilitate initial access, persistence, privilege escalation, credential access, lateral movement, and arbitrary command execution.

“By observing Naikon APT’s hacking arsenal, it was concluded that this team tends to conduct extensive-phrase intelligence and espionage functions, common for a group that aims to perform attacks on overseas governments and officers,” the researchers pointed out.

“To keep away from detection and improve the end result, it adjusted distinct [tactics, techniques, and procedures] and tools above time.”



Some elements of this write-up are sourced from:
thehackernews.com
