CarderPlanet
Professional
In the Asian region, several Chinese groups carried out intrusions using tools for surveillance and data theft.
Specialists of the Unit 42 division of the information security company Palo Alto Networks report that an unnamed Southeast Asian government has become the target of several Chinese hacker groups that have been conducting espionage campaigns in the region for a long time. The activity took place at approximately the same time, and sometimes even simultaneously on the same victim computers, but each group used its own unique tools, working methods, and infrastructure.
Attacks targeting various government agencies, including critical infrastructure, public health facilities, and ministries, were attributed to three different groups: Stately Taurus (Mustang Panda), Alloy Taurus (Granite Typhoon), and Gelsemium.
- Mustang Panda used TONESHELL and ShadowPad variants. Its main purpose is to gather intelligence and steal confidential information. During the campaign, the attackers maintained control of the victims' environment, focusing on long-term persistence. The group's toolset includes AdFind, Mimikatz, Impacket, web shells, Cobalt Strike, ShadowPad, and a new version of the TONESHELL backdoor.
- Alloy Taurus tried to remain unnoticed. The group began its operations in early 2022 and continued them throughout 2023, using unusual infection methods and bypassing security tools. The hackers exploited vulnerabilities in Microsoft Exchange Server to deploy web shells and additional payloads, including the .NET Zapoa and ReShell backdoors, for remote execution of arbitrary commands and collection of confidential information.
- Gelsemium focused on vulnerable IIS servers. The group was active for six months between 2022 and 2023. The attackers used rare tools and techniques to gain access to sensitive Microsoft IIS servers of the Southeast Asian government. Gelsemium's inventory includes the OwlProxy and SessionManager backdoors, as well as tools such as Cobalt Strike, Meterpreter, Earthworm, and SpoolFool for post-exploitation, traffic tunneling, and privilege escalation.
Since some of the attackers' attempts to install malware were unsuccessful, they kept bringing in new tools, demonstrating their ability to adapt to the defenders' mitigation efforts.
Earlier it was reported that the Chinese hacking group Mustang Panda, engaged in cyber espionage, was seen deploying a new custom backdoor called "MQsTTang". The new MQsTTang backdoor does not appear to be based on any known malware, which indicates that the hackers most likely developed it from scratch to make it harder for antivirus products to detect.
Also in April, it became known that hackers of the Alloy Taurus group are using a new version of the PingPull remote access trojan (RAT) and the previously undocumented Sword2033 backdoor. PingPull was used in the group's espionage attacks.
