Posted on August 9, 2021 at 7:13 AM
A research report has exposed a hacking group linked to China that targeted infrastructure firms in Southeast Asia. The intrusions were part of an espionage campaign aimed at obtaining sensitive information.
The research was conducted by Symantec, a cybersecurity company. According to the firm, the campaign ran between November 2020 and March 2021, and its main targets were power companies, water companies, defence organisations and a communications company.
Sophisticated Hacking Techniques
The group behind the attacks used several techniques to improve its odds of success. These included abusing legitimate applications as loaders for malware, misusing a Google Chrome Frame component, and DLL search order hijacking.
In the attack on the water company, the group used a media player known as PotPlayer Mini to load malware onto the compromised device, which was then used for credential theft. The same PotPlayer Mini loader appeared in the attack on the power company, this time alongside an additional, unidentified payload.
The attack on the communications firm differed from the other two. There, the attackers used Google Chrome Frame to install malware on the affected devices and harvest user credentials.
“In the defence organization, we once again saw PotPlayer Mini exploited for DLL search order hijacking, as well as seeing some file overlaps between this organization and the communications and water companies,” the report reads in part.
The attackers also stole user credentials and gathered information about the victims' SCADA systems. SCADA (supervisory control and data acquisition) systems combine hardware and software that let industrial operators monitor and control their processes, including remotely, and collect real-time data from them.
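The DLL search order hijacking described above, where a legitimate executable such as a media player picks up a malicious DLL planted in its own directory instead of the genuine one in System32, is something defenders can hunt for in endpoint telemetry. The Python script below is an added example and is not code from the Symantec report or this article. It reads a constructed tab-separated export of Sysmon "Image loaded" (Event ID 7) records and flags any load where a well-known Windows system DLL name is loaded from outside the Windows system directories, rating the finding higher when the module is unsigned and sits beside the loading executable. All paths, file names and signers in the sample are made up, and the list of hijack-prone DLL names is illustrative rather than the names used in this campaign.

```python
"""Hunt for DLL search order hijacking in Sysmon 'Image loaded' (Event ID 7) records.

Added example, not code from the Symantec report or the article: every path,
file name and signer below is constructed for illustration.
"""
import csv
import io
import ntpath
from dataclasses import dataclass

# DLL names that Windows ships in System32 and that many applications import by
# name, which makes them classic search-order hijack targets.  Illustrative list,
# not the names used in any particular campaign.
KNOWN_SYSTEM_DLLS = {
    "version.dll", "wtsapi32.dll", "dwmapi.dll", "uxtheme.dll",
    "cryptbase.dll", "profapi.dll", "winmm.dll", "msimg32.dll",
}

# Where a system DLL is expected to load from (lower-case, trailing backslash so
# a prefix match cannot be fooled by a directory such as c:\windows\system32evil\).
SYSTEM_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

@dataclass(frozen=True)
class ImageLoad:
    """One Sysmon Event ID 7 record, reduced to the fields the hunt needs."""
    image: str         # Sysmon 'Image': the process that loaded the module
    image_loaded: str  # Sysmon 'ImageLoaded': full path of the loaded module
    signed: bool       # Sysmon 'Signed'
    signature: str     # Sysmon 'Signature': signer subject, empty if unsigned

@dataclass(frozen=True)
class Finding:
    record: ImageLoad
    severity: str      # 'high' or 'medium'
    reasons: tuple

def parse_events(tsv_text):
    """Parse a tab-separated export with columns Image, ImageLoaded, Signed, Signature."""
    reader = csv.DictReader(io.StringIO(tsv_text), delimiter="\t")
    return [
        ImageLoad(
            image=row["Image"],
            image_loaded=row["ImageLoaded"],
            signed=row["Signed"].strip().lower() == "true",
            signature=row["Signature"].strip(),
        )
        for row in reader
    ]

def in_system_dir(path):
    """True if the module path lies under one of the Windows system directories."""
    return path.lower().startswith(SYSTEM_DIRS)

def classify(rec):
    """Return a Finding if the load looks like a search-order hijack, else None."""
    name = ntpath.basename(rec.image_loaded).lower()
    if name not in KNOWN_SYSTEM_DLLS or in_system_dir(rec.image_loaded):
        return None  # not a hijack-prone name, or loaded from where it belongs
    reasons = ["system DLL name loaded from outside the Windows system directories"]
    same_dir = (ntpath.dirname(rec.image_loaded).lower()
                == ntpath.dirname(rec.image).lower())
    if same_dir:
        reasons.append("module sits in the loading executable's own directory")
    if not rec.signed:
        reasons.append("module is unsigned")
    severity = "high" if (same_dir and not rec.signed) else "medium"
    return Finding(rec, severity, tuple(reasons))

def hunt(records):
    """Run classify() over all records and keep the hits, in input order."""
    return [f for f in map(classify, records) if f is not None]

# Constructed sample export.  Row 3 mimics the pattern in the report: a media
# player run from a user-writable folder picks up a DLL planted beside it.
SAMPLE_ROWS = [
    ("Image", "ImageLoaded", "Signed", "Signature"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Windows\System32\version.dll", "true", "Microsoft Windows"),
    (r"C:\Program Files\ExampleVendor\Player\player.exe",
     r"C:\Program Files\ExampleVendor\Player\player_codec.dll", "true", "Example Vendor Ltd"),
    (r"C:\Users\alice\AppData\Local\Temp\player\player.exe",
     r"C:\Users\alice\AppData\Local\Temp\player\version.dll", "false", ""),
    (r"C:\Program Files\ExampleVendor\Tool\tool.exe",
     r"C:\Program Files\ExampleVendor\Tool\dwmapi.dll", "true", "Example Vendor Ltd"),
]
SAMPLE_TSV = "\n".join("\t".join(row) for row in SAMPLE_ROWS) + "\n"

if __name__ == "__main__":
    for f in hunt(parse_events(SAMPLE_TSV)):
        print(f"[{f.severity}] {f.record.image} -> {f.record.image_loaded}")
        for reason in f.reasons:
            print("    -", reason)
```

Run as-is, the script flags two of the four constructed loads: the unsigned version.dll beside a player executable in a Temp folder (high) and a vendor-signed dwmapi.dll shipped beside its own tool (medium). In practice, feed parse_events an export from your SIEM or EDR and tune KNOWN_SYSTEM_DLLS and SYSTEM_DIRS to your estate; signed but misplaced copies of system DLL names are rated medium rather than dropped because some vendors legitimately redistribute them, while an unsigned copy in the application's own directory is the textbook hijack.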
Hackers Linked to China
The Symantec report also states that traces left on the compromised devices point to the campaign originating in China. However, it notes that “with the current information available, Symantec cannot attribute the activity to a known actor.”
The report further notes that the tools found on the compromised machines indicate the attackers were searching for specific information of interest to them; this was inferred from the tooling they installed to carry out the attack.
China has been linked to several espionage campaigns in recent months, in which hacking groups affiliated with the country gained access to large corporations, government employees, law enforcement agencies, politicians and other targets of interest to China.
Cybereason has also uncovered a separate espionage campaign by a China-affiliated group, this one targeting major telecommunications firms based in Southeast Asia with the aim of collecting sensitive subscriber data.
The U.S. Senate recently held a hearing on the ongoing espionage campaigns, at which witnesses described why China has been compromising organisations worldwide. Several witnesses said China uses espionage to steal intellectual property in order to gain dominance in key technologies, including artificial intelligence and semiconductors.
The testimony also indicated that China could use the technology acquired this way to conduct further espionage.
In July, the U.S. also indicted four individuals linked to China's Ministry of State Security. The indictment alleged they took part in a hacking campaign between 2011 and 2018 that targeted universities, companies and government bodies to obtain trade secrets, medical research and other sensitive information.
Bill Evanina, a former official at the National Counterintelligence and Security Center, testified at the Senate hearing that “The holistic and comprehensive threat to the U.S. posed by the Communist Party of China is an existential threat and is the most complex, pernicious, aggressive and strategic threat our nation has ever faced.”
Evanina also stated that China has a wide range of cyber resources that could let it reach U.S. technology systems to access data or install malware, and warned that China could be conducting espionage now in order to exploit the exfiltrated data later.