China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers.

We’re told the security shop’s industrial control systems (ICS) response team initially detected a series of targeted attacks back in January that compromised more than a dozen organizations in several Eastern European countries, including Belarus, Russia and Ukraine, as well as Afghanistan.

“The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions,” the team wrote in a report published on Monday.

Kaspersky attributed the attacks “with a high degree of confidence” to the Chinese cyberespionage group TA428, which has a history of targeting East Asian and Russian military and research institutes.

The ICS research team identified malware and command-and-control servers based in China, and added that this more recent series of attacks is “highly likely” to be an extension of an ongoing cyberespionage campaign, previously spotted by other research teams.

They also sound very similar to another campaign, dubbed Twisted Panda, carried out by Chinese cyberspies and targeting Russian defense institutes, uncovered by Check Point Research in May.

According to Kaspersky, the miscreants gained access to the enterprise networks via phishing emails, some of which included organization-specific information that wasn’t publicly available.

“This could indicate that the attackers did preparatory work in advance (they may have obtained the information in earlier attacks
