Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace.

"The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests," Sophos researchers Paul Jaramillo, Morgan Demboski, Sean Gallagher, and Mark Parsons said in a report shared with The Hacker News. "This includes accessing critical IT systems, performing reconnaissance of specific users, collecting sensitive military and technical information, and deploying various malware implants for command-and-control (C2) communications."

The name of the government organization was not disclosed, but the company said the country is known to have repeated conflict with China over territory in the South China Sea, raising the possibility that it may be the Philippines, which has been targeted by Chinese state-sponsored groups like Mustang Panda in the past.

Other hallmarks of the campaign include the extensive use of DLL side-loading and unusual tactics to stay under the radar. "The threat actors leveraged many novel evasion techniques, such as overwriting DLL in memory to unhook the Sophos AV agent process from the kernel, abusing AV software for sideloading, and using various techniques to test the most efficient and evasive methods of executing their payloads," the researchers said.

Further investigation has revealed that Cluster Alpha focused on mapping server subnets, enumerating administrator accounts, and conducting reconnaissance on Active Directory infrastructure, while Cluster Bravo prioritized the use of valid accounts for lateral movement and dropping EtherealGh0st.

Activity associated with Cluster Charlie, which took place over the longest period, entailed the use of PocoProxy to establish persistence on compromised systems and the deployment of HUI Loader, a custom loader used by several China-nexus actors, to deliver Cobalt Strike.

"The observed clusters reflect the operations of two or more distinct actors working in tandem with shared objectives," the researchers noted. "The observed clusters reflect the work of a single group with a large array of tools, diverse infrastructure, and multiple operators."
News source
https://thehackernews.com/2024/06/chinese-state-backed-cyber-espionage.html