CyberSecurityBoard
Sponsor Register Login

Chinese APT Hacks 48 Government Organizations

An advanced persistent threat actor likely operating on behalf of the Chinese government has compromised dozens of foreign government entities worldwide, Trend Micro reports.
Referred to as Earth Krahang, the hacking group appears linked to Earth Lusca, which is believed to be a penetration team within the Chinese company I-Soon.
Leaked documents recently showed that I-Soon is a private contractor linked to the Ministry of Public Security, China's top policing agency.
Earth Krahang, Trend Micro says, is focused on cyberespionage, and is believed to have compromised at least 70 organizations across 23 different countries, mainly in Asia and America, but also in Europe and Africa.
The APT has targeted at least 100 other entities across 35 countries as well.
Earth Krahang, Trend Micro says, was seen compromising government infrastructure to host malicious payloads, proxy traffic, and send spear-phishing emails targeting other governmental entities.
The threat actor would also build VPNs on compromised public-facing servers to access the victims' networks and harvest email credentials using brute-force attacks.
According to Trend Micro, operational errors allowed it to tap into the APT's servers and retrieve malware samples and configuration and log files.
The group was seen employing open source tools to scan victims' web-facing servers, brute-forcing directories to collect sensitive information, and exploiting command execution vulnerabilities in OpenFire and Oracle Web Applications Desktop Integrator.
Earth Krahang would send spear-phishing emails containing attachments or embedded URLs leading to malware execution.
In one instance, a compromised government email account was used to send a malicious attachment to roughly 800 accounts belonging to the same organization.
Following initial access, the APT would deploy the SoftEther VPN to connect to the victim environment, would use task scheduling to obtain persistence, enable remote desktop connections, scan the network, extract credentials from memory dumps, move laterally, and escalate privileges.
To maintain access to the victim's systems, the threat actor would deploy Cobalt Strike, as well as two custom backdoors named Reshell and XDealer.
In some instances, Earth Krahang also deployed PlugX and ShadowPad variants on victim's systems.
Trend Micro's investigation into Earth Krahang revealed links to other Chinese threat actors, including a strong connection to Earth Lusca, due to overlaps in infrastructure and the preference of initial stage backdoors.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 19 Mar 2024 14:13:05 +0000


Cyber News related to Chinese APT Hacks 48 Government Organizations

Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
8 months ago Apnews.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
9 months ago Cysecurity.news
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
1 year ago Securityweek.com
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
11 months ago Techtarget.com
Chinese APT Hacks 48 Government Organizations - An advanced persistent threat actor likely operating on behalf of the Chinese government has compromised dozens of foreign government entities worldwide, Trend Micro reports. Referred to as Earth Krahang, the hacking group appears linked to Earth ...
7 months ago Securityweek.com
Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks - Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the ...
10 months ago Cysecurity.news
Lawmakers: Ban TikTok to Stop Election Misinformation! Same Lawmakers: Restrict How Government Addresses Election Misinformation! - In a case being heard Monday at the Supreme Court, 45 Washington lawmakers have argued that government communications with social media sites about possible election interference misinformation are illegal. Just this week the vast majority of those ...
7 months ago Eff.org
iSoon's Secret APT Status Exposes China's Foreign Hacking Machination - A trove of leaked documents has revealed the Chinese government works with private sector hackers to spy on foreign governments and companies, domestic dissidents, ethnic minorities, and more. On Feb. 16, an anonymous individual with unknown motives ...
8 months ago Darkreading.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
8 months ago Darkreading.com
DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security - The cybersecurity arm of the Department of Homeland Security and the Federal Bureau of Investigation have jointly issued a public service announcement cautioning about the potential risks posed by Chinese-manufactured drones to critical ...
9 months ago Cysecurity.news
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
10 months ago Nytimes.com
Montana Loses in US Court - States can't just ban apps, says federal judge. The judge ruled the state can't stop app stores offering an app. How would you even enforce a statewide ban? In today's SB Blogwatch, we ponder the great firewall of Montana. "Paternalistic ...
11 months ago Securityboulevard.com
Chinese Hackers Turn To Golang For Malware - Chinese hackers are increasingly turning to the open-source programming language Golang to maliciously code and launch new cyberattacks. According to the latest analysis by The Hacker News, this has resulted in an increase in the number of cyber ...
1 year ago Thehackernews.com
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
11 months ago Theregister.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
10 months ago Securityweek.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
10 months ago Packetstormsecurity.com
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
9 months ago Bleepingcomputer.com
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
9 months ago Bleepingcomputer.com
Chinese Earth Krahang hackers breach 70 orgs in 23 countries - A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the ...
7 months ago Bleepingcomputer.com
Critical infrastructure hacks raise alarms on Chinese threats - A U.S. law enforcement operation in December disrupted a botnet of hundreds of routers operated by Chinese nation-state actors. The campaign has raised concerns about potentially destructive cyberattacks from the country. The law enforcement ...
9 months ago Techtarget.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
9 months ago Securityweek.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019 - Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019. According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop ...
9 months ago Cysecurity.news
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs - Common malware has led a group of researchers to link the once mysterious Sandman threat group, known for cyberattacks against telecom service providers across the world, to a growing web of Chinese government-backed advanced persistent threat ...
10 months ago Darkreading.com
What Should We Expect for State and Local Government IT Priorities in 2024? - As we wrap up 2023, it is a great time to reflect on the current state of technology in state and local governments and look ahead to the priorities for the coming year. Maintaining the security of networks and the data they carry continues to be the ...
10 months ago Feedpress.me

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)