Chinese spyware found again in neighboring country's power grid

Asia's power grids are once again being targeted by Chinese hackers.

Symantec's Threat Hunter Team has reported on a group dubbed "Redfly". This group infiltrated the national power grid of an unspecified Asian country using the ShadowPad trojan. The attackers stole credentials, installed additional malware, and accessed many systems on the infected network, maintaining access for six months.

For those who don't know, ShadowPad is Windows malware believed to have been used by Chinese hackers last year to attack India's power grid near the border with China.

Symantec did not describe the initial access vector in this latest attack, saying only that it all started from a single infected computer. During the intrusion, ShadowPad masqueraded as files and directories belonging to VMware software to hide its presence. Additional tools were then downloaded, including a keylogger.

According to Symantec, the attack used a variant of ShadowPad directly linked to the attack on India: it used the same command-and-control server. Although no final conclusions have been drawn yet, Dick O'Brien, an analyst with Symantec's Threat Hunter Team, confirmed that the same infrastructure was used.

The Redfly group itself appears to be focused on state-level attacks, neglecting commercial targets in favor of those with high intelligence value.

Although the Redfly attack did not cause any disruption, Symantec emphasizes that this is not the only case of unauthorized access to critical national infrastructure.

The research team warned that such attacks on national infrastructure have become more frequent over the past year, and expressed concern about the trend.

Dick O'Brien also noted that, according to Microsoft, the attacks carried out by the Chinese group Volt Typhoon were more diverse and were not limited to power grids.