![]() “While none of the techniques observed in this campaign is new or unique, the combination of the different tactics, and the variety of infection chains resulting in low detection rates, enabled the threat actors to stay under the radar for quite a while,” warned Check Point. Palo Alto Networks released a lengthy report on the malware in 2021.Ĭheck Point said it was tracking the campaign as SmugX and said it “overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda.” Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. PlugX has also been discovered on USB drives being used to target people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria. The PlugX malware itself remained a recognizable variant of the tool, which has previously been used by multiple suspected Chinese threat groups, including to target the Vatican in 2020, an Indonesian intelligence service in 2021 and Ukraine in 2022. Acquisition and Military Modernization: A word of caution: indignation seldom leads to solutions. HTML smuggling is a hacking technique that has been used in various forms for years, exploiting HTML features to conceal data and files from automated content filters by including them as JavaScript blobs that get reassembled on the target’s machine. readers found in Chinese Industrial Espionage: Technology. These lures included a letter allegedly originating from the Serbian Embassy in Budapest, a document stating the priorities of the Swedish presidency of the Council of the European Union, and an article about two Chinese human rights lawyers sentenced to more than a decade in prison. ![]() Samples of lures posted to the VirusTotal malware repository had filenames that “strongly suggest that the intended victims were diplomats and government entities,” according to Check Point, while the lure material itself “contained diplomatic-related content,” which “in more than one case … was directly related to China.” The hackers were spotted using a new delivery method to deploy the modular PlugX malware implant, effectively smuggling it inside HTML documents, something which Check Point warned had “until recently helped the campaign fly under the radar.” The espionage campaign “represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy,” researchers from Check Point said Monday. Gau ignored the request, and the invitations stopped.Chinese hackers target European embassies with HTML smuggling techniqueĬhinese cyber spies have been targeting the foreign affairs ministries and embassies of European states in recent months, according to new research. The relationship had ended awkwardly, though, when Zha offered Gau money to come back to China with information about specific aviation projects from his employer, the industrial and defense giant Honeywell International Inc. When Gau brought his mother on a 2003 visit, Zha arranged and paid for them to take a Yangtze cruise to see the river’s dramatically sculpted middle reaches before they were flooded by the Three Gorges Dam. Little Zha, as the man called himself, was the one who made sure Gau never had to pay his own airfare when he came to give talks. Increasingly, however, Gau had heard from someone else, a man who worked at the university in a vague administrative capacity. The original invitation had come from the head of a lab there studying helicopter design. Years before, Gau had made a series of trips from his home in Phoenix to speak at the Nanjing University of Aeronautics and Astronautics, or NUAA, one of China’s most prestigious research institutions. In January 2014, Arthur Gau, an aerospace engineer who was nearing retirement age, received an unexpected email from a long-lost acquaintance in China. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |