China-Sponsored Attackers Target 40K Corporate Users in 90 Days

Three novel credential-phishing campaigns run by state-sponsored actors have compromised at least 40,000 corporate users, including top-level executives, in just three months, researchers have found.
The attacks target a range of industries and enter corporate environments through the browser, which lets them slip past network-level security controls and cloud network services. According to the Menlo Security researchers who discovered them, this demonstrates an evolution in adversary capabilities.
The campaigns, called LegalQloud, Eqooqp, and Boomer, rely on what the researchers describe as highly evasive and adaptive threat techniques that circumvent controls such as multifactor authentication (MFA) and URL filtering.
Tactics used by the campaigns include using phishing kits and adversary-in-the-middle (AitM) proxies to bypass MFA and take over authenticated user sessions; impersonating entities, primarily Microsoft, that are familiar to or associated with the targeted organizations; and using dynamically generated phishing links that URL-filtering technologies struggle to track and therefore to block.
Though the researchers have partially attributed the activity to a group previously tracked by Microsoft as Storm-1101/DEV-1101, known for developing the AitM tooling used in the campaigns, they have not established exactly which nation the attacks are linked to.
All told, the campaigns targeted more than 3,000 unique domains across more than 10 industries and government institutions. Six out of 10 malicious links that users clicked were connected to some kind of phishing campaign or fraud, and one in four phishing links got past legacy URL filtering, the researchers found.
Specific Credential-Stealing Campaigns

Though the campaigns have similarities, each has its own set of targets and tactics, all with the ultimate goal of extracting credentials from corporate users for further malicious purposes, primarily cyber-espionage.
LegalQloud, so named because it impersonates law firms to steal Microsoft credentials, targeted 500 enterprises in 90 days and is hosted exclusively on Tencent Cloud, which is operated by Tencent, the largest Internet company in China.
Because the phishing pages sit on the infrastructure of a widely used, reputable cloud provider, their URLs can bypass traditional URL categorization and allow-list controls, the researchers said.
Eqooqp has been targeting multiple government and private-sector organizations, including logistics, finance, petroleum, manufacturing, higher education, and research firms, with AitM attacks that can defeat MFA. Menlo found nearly 50,000 attacks associated with the campaign, which uses malicious HTML attachments or links to Microsoft look-alike pages to phish credentials.
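The AitM session takeover described above (in the summary of the campaigns' tactics and again for Eqooqp) leaves a recognisable trace in sign-in telemetry: MFA is satisfied from the proxy's network rather than the victim's, and the resulting session cookie is then replayed from wherever the attacker actually sits. The following Python script is an added example, not code from Menlo Security or from the article, showing two heuristics for that pattern run over constructed log lines. The JSON-lines log format, the field names, the IP addresses, the ASNs, the `REPLAY_WINDOW` value and the `HOSTING_ASNS` lookup are all assumptions made for the demonstration.

```python
"""Flag sign-in telemetry patterns consistent with AitM session takeover.

Added example: illustrative code, not Menlo Security's or the article's.
The JSON-lines log format, field names, IP addresses, ASNs and the
HOSTING_ASNS set are constructed assumptions for this demo.
"""
import json
from datetime import datetime, timedelta

# How long after a login a session reused from a different network is
# treated as suspicious; beyond this, roaming users cause too much noise.
REPLAY_WINDOW = timedelta(hours=1)

# Assumed: ASNs belonging to hosting/VPS providers. An AitM proxy sits
# between victim and identity provider, so the IdP records the proxy's
# address, not the victim's, at the moment MFA is satisfied.
HOSTING_ASNS = {"AS64501"}

# Constructed sample events (one JSON object per line). The ceo@ user
# authenticates via a hosting network and the cookie is replayed minutes
# later from a third network; alice@ and bob@ are benign controls.
SAMPLE_LOG = """\
{"ts":"2024-06-03T09:00:00Z","user":"alice@corp.example","event":"login","mfa":true,"ip":"203.0.113.10","asn":"AS64500","session":"sess-a1"}
{"ts":"2024-06-03T09:05:00Z","user":"alice@corp.example","event":"session_use","ip":"203.0.113.10","asn":"AS64500","session":"sess-a1"}
{"ts":"2024-06-03T09:12:04Z","user":"ceo@corp.example","event":"login","mfa":true,"ip":"198.51.100.7","asn":"AS64501","session":"sess-b1"}
{"ts":"2024-06-03T09:17:30Z","user":"ceo@corp.example","event":"session_use","ip":"192.0.2.44","asn":"AS64502","session":"sess-b1"}
{"ts":"2024-06-03T10:00:00Z","user":"bob@corp.example","event":"login","mfa":true,"ip":"203.0.113.22","asn":"AS64500","session":"sess-c1"}
{"ts":"2024-06-03T13:30:00Z","user":"bob@corp.example","event":"session_use","ip":"192.0.2.99","asn":"AS64503","session":"sess-c1"}
"""


def parse_events(text):
    """Parse JSON-lines sign-in events and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_aitm(events):
    """Return a list of findings, one dict per suspicious event."""
    findings = []
    minted_by = {}  # session id -> the login event that created it
    for ev in events:
        if ev["event"] == "login":
            minted_by[ev["session"]] = ev
            # MFA satisfied, but from a hosting network: the credentials and
            # the MFA response may have been relayed through a proxy.
            if ev.get("mfa") and ev["asn"] in HOSTING_ASNS:
                findings.append({
                    "rule": "mfa_login_from_hosting_asn",
                    "user": ev["user"], "session": ev["session"],
                    "ip": ev["ip"], "ts": ev["ts"].isoformat(),
                })
        elif ev["event"] == "session_use":
            origin = minted_by.get(ev["session"])
            if origin is None:
                continue  # minted before the log window; nothing to compare
            # A stolen cookie is replayed from the attacker's own network
            # shortly after the victim authenticated through the proxy.
            if ev["asn"] != origin["asn"] and ev["ts"] - origin["ts"] <= REPLAY_WINDOW:
                findings.append({
                    "rule": "session_reused_from_new_network",
                    "user": ev["user"], "session": ev["session"],
                    "login_ip": origin["ip"], "reuse_ip": ev["ip"],
                    "ts": ev["ts"].isoformat(),
                })
    return findings


if __name__ == "__main__":
    for finding in detect_aitm(parse_events(SAMPLE_LOG)):
        print(json.dumps(finding))
```

Run as written, the script reports two findings, both for the ceo@ account: the MFA login from the hosting ASN and the session reuse from a third network five minutes later; bob@'s reuse from a new network three and a half hours after login falls outside the window and is not flagged. In production the session-use stream comes from wherever the identity provider or application records token use, the hosting-ASN set needs a real IP-to-ASN source, and because mobile roaming will still trip the replay rule it should raise a review rather than block on its own.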
Another phishing campaign, Boomer, is especially intricate. It targets the government and healthcare sectors with advanced evasive techniques that include dynamic phishing sites, custom HTTP headers, tracking cookies, bot-detection countermeasures, encrypted code, and server-side generated phishing pages.
The campaign's Web application also employs a hidden iframe designed to detect bots and automated security scanners, a further evasion tactic, the researchers found.

Demand for Stronger Defense

What all this amounts to is that organizations continue to have their work cut out for them to keep up with the evolving nature of attacks, especially from well-resourced state-sponsored actors, security experts say.


This Cyber News was published on www.darkreading.com. Publication date: Sat, 29 Jun 2024 04:43:05 +0000

