[TheRecord] Chinese espionage group targets critical infrastructure orgs in Southeast Asia

A cyber-espionage group believed to be operating out of China has targeted at least four critical infrastructure organizations in a southeast Asian country, security firm Symantec said in a report last week.

The intrusions took place between November 2020 and March 2021 and targeted:

- a water company
- a power company
- a communications company
- a defense organization

Symantec said it found evidence that the attackers were interested in information about SCADA systems, the equipment typically used to control and manage production lines and industrial equipment.

“We did not observe the attackers exfiltrating data from the infected machines. However, the machine the attackers were on did have tools on it that indicate it may have been involved in the design of SCADA systems, indicating this is something the attacker may have been interested in,” the security firm said last week.

Group abused LOLbins for attacks

Researchers said they weren’t able to pinpoint the attackers’ entry point into the hacked organizations but said that once inside, the group exhibited advanced tactics that hid malicious operations behind legitimate apps, a tactic known as living-off-the-land (LOLbins). Abused tools include the likes of:

- Windows Management Instrumentation (WMI)
- ProcDump
- PsExec
- PAExec
- Mimikatz

In addition, the group used a free multimedia player called PotPlayer Mini to load malicious DLLs on a compromised computer, including backdoors, keyloggers, and traffic proxying tools.
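As an added illustration of how a defender might hunt for the tradecraft described above (this is example code, not Symantec's or The Record's), the following script flags the dual-use tools listed in the report and DLL sideloading through PotPlayer Mini in constructed Sysmon-style process-creation and image-load events; the event field names, file paths and trusted-directory list are assumptions for the demo.

```python
import re
from typing import Iterable

# Dual-use tools named in the report, matched on the process image name.
LOLBIN_NAMES = {"procdump.exe", "procdump64.exe", "psexec.exe", "psexesvc.exe",
                "paexec.exe", "mimikatz.exe", "wmic.exe"}

# Directories a legitimately installed media player would normally load DLLs from
# (assumed list; tune for the environment).
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                    "c:\\program files\\", "c:\\program files (x86)\\")

def _base(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_event(ev: dict) -> list[str]:
    """Return the findings for one event (empty list = nothing suspicious)."""
    findings = []
    if ev.get("event") == "process_create":
        img, cmd = _base(ev.get("image", "")), ev.get("cmdline", "").lower()
        if img in LOLBIN_NAMES:
            findings.append(f"dual-use tool executed: {img}")
        # ProcDump pointed at LSASS is the classic credential-dumping pattern.
        if img.startswith("procdump") and re.search(r"\blsass(\.exe)?\b", cmd):
            findings.append("procdump targeting lsass (credential dumping)")
        if img == "wmic.exe" and "process call create" in cmd:
            findings.append("WMI used to spawn a process")
    elif ev.get("event") == "image_load":
        # Sideloading: PotPlayer Mini pulling a DLL from outside the trusted directories.
        proc = _base(ev.get("image", ""))
        dll = ev.get("loaded", "").replace("/", "\\").lower()
        if proc.startswith("potplayer") and not dll.startswith(TRUSTED_DLL_DIRS):
            findings.append(f"possible DLL sideload via {proc}: {dll}")
    return findings

def scan(events: Iterable[dict]) -> list[str]:
    return [f for ev in events for f in check_event(ev)]

# Constructed sample telemetry (not real data from the intrusions).
SAMPLE_EVENTS = [
    {"event": "process_create", "image": "C:\\Windows\\Temp\\procdump64.exe",
     "cmdline": "procdump64.exe -ma lsass.exe lsass.dmp"},
    {"event": "process_create", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic process call create \"cmd.exe /c whoami\""},
    {"event": "image_load", "image": "C:\\Users\\Public\\PotPlayerMini.exe",
     "loaded": "C:\\Users\\Public\\version.dll"},
    {"event": "image_load", "image": "C:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe",
     "loaded": "C:\\Windows\\System32\\kernel32.dll"},  # benign: not flagged
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The renamed-binary case (the report notes generic tooling limited visibility) is deliberately not covered here; pairing the name check with file hashes or signer information would close that gap.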

The use of generic and legitimate tools narrowed the amount of information researchers were able to gather about the group.

Symantec said it was only able to pinpoint the attack to an espionage group based in China but did not find any additional clues to link the intrusions to a previously known group.

The security firm didn’t name the country where the hacked targets were located.

The post Chinese espionage group targets critical infrastructure orgs in Southeast Asia appeared first on The Record by Recorded Future.
