Top Highlights
- A China-aligned cyber espionage campaign, SHADOW-EARTH-053, targets government and defense sectors across Asia and Europe, exploiting known vulnerabilities in internet-facing systems for persistent access.
- The attackers deploy web shells such as Godzilla and the ShadowPad backdoor (loaded through DLL sideloading), then rely on open-source tunneling tools, Mimikatz for credential theft and privilege escalation, and remote desktop access for lateral movement.
- New phishing campaigns by China-affiliated groups GLITTER CARP and SEQUIN CARP impersonate journalists and activists, aiming to harvest credentials and gain email access through sophisticated impersonation tactics.
- Evidence suggests these operations are part of China’s overall strategic approach to digital repression, involving a network of actors potentially hired by the Chinese government or contractors aligned with its objectives.
Chinese Hackers Launch Sophisticated Cyberattacks on Governments and Defense Sectors
Recently, cybersecurity researchers uncovered a new campaign by China-aligned hackers targeting multiple Asian nations and a NATO member. The intrusions began at exposed internet-facing servers: the attackers exploited known, publicly documented vulnerabilities in Microsoft Exchange and IIS web applications to drop web shells, then installed the ShadowPad backdoor to keep long-term access. Their toolkit included open-source tunneling software, Mimikatz for credential dumping and privilege escalation, and remote desktop tools for lateral movement. Because initial access relied entirely on known vulnerabilities, timely patching is the decisive control. Experts recommend applying vendor updates quickly and, where patching lags, placing compensating controls (intrusion prevention or virtual patching that blocks exploitation attempts) in front of internet-facing systems.
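The campaign above leaves two telemetry signals a defender can hunt for without any vendor-specific IOC: POST requests to script files in directories of an Exchange/IIS server that should only serve static content (where web shells are typically planted), and the IIS worker process w3wp.exe spawning a shell or LOLBin, which is what happens when an operator runs commands through that web shell. The following is an added example written for this page, not code from the report or from any vendor tool. The log lines and process events are constructed, the POST allowlist and static-directory prefixes are hypothetical and must be tuned to the real Exchange build, and ShadowPad's DLL sideloading is deliberately not covered here because that requires image-load telemetry rather than web logs.

```python
import re
from collections import defaultdict

# Constructed IIS W3C log excerpt (not real telemetry). IIS encodes spaces in the
# user agent as '+', so whitespace splitting of a line is safe.
IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2024-03-01 02:11:09 10.0.0.5 GET /owa/auth/logon.aspx - 443 203.0.113.7 Mozilla/5.0 200
2024-03-01 02:11:45 10.0.0.5 POST /owa/auth/Current/themes/resources/errorFE.aspx - 443 203.0.113.7 python-requests/2.31 200
2024-03-01 02:12:01 10.0.0.5 POST /owa/auth/Current/themes/resources/errorFE.aspx - 443 203.0.113.7 python-requests/2.31 200
2024-03-01 02:13:00 10.0.0.5 POST /owa/auth.owa - 443 198.51.100.20 Mozilla/5.0 302
2024-03-01 02:14:10 10.0.0.5 POST /aspnet_client/system_web/x.aspx - 443 203.0.113.7 Mozilla/5.0 200
2024-03-01 02:15:00 10.0.0.5 GET /owa/auth/15.2.1118/themes/resources/favicon.ico - 443 198.51.100.20 Mozilla/5.0 200
"""

# Hypothetical allowlist of Exchange endpoints that legitimately receive POSTs (lowercase).
POST_ALLOWLIST = {"/owa/auth.owa", "/ews/exchange.asmx", "/autodiscover/autodiscover.xml",
                  "/mapi/emsmdb", "/rpc/rpcproxy.dll", "/owa/service.svc", "/ecp/default.aspx"}
# Directories that should only serve static content; a script executing here is a strong signal.
STATIC_PREFIXES = ("/owa/auth/current/themes/", "/owa/auth/15.", "/aspnet_client/")
SCRIPT_EXT = re.compile(r"\.(aspx|ashx|asmx|asp|php)$", re.IGNORECASE)


def parse_iis(text):
    """Parse W3C extended log lines into dicts keyed by the names in the #Fields: header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            records.append(dict(zip(fields, line.split())))
    return records


def find_webshell_candidates(records, allowlist=POST_ALLOWLIST):
    """Return {(client_ip, path): count} for script requests under a static-only directory,
    or successful POSTs to script files that are not on the allowlist."""
    hits = defaultdict(int)
    for r in records:
        path = r["cs-uri-stem"].lower()
        is_script = bool(SCRIPT_EXT.search(path))
        in_static = path.startswith(STATIC_PREFIXES)
        if is_script and in_static:
            hits[(r["c-ip"], path)] += 1
        elif (is_script and r["cs-method"] == "POST"
              and r["sc-status"] == "200" and path not in allowlist):
            hits[(r["c-ip"], path)] += 1
    return dict(hits)


# Constructed process-creation events (Sysmon Event ID 1 style field names).
PROC_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": 'cmd.exe /c "whoami /all"'},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig /fullpaths ..."},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]
# csc.exe is deliberately absent: ASP.NET compiles pages with it, so it is noisy on its own.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe",
                  "net.exe", "whoami.exe", "rundll32.exe"}


def find_webserver_spawns(events, children=SHELL_CHILDREN):
    """Flag the IIS worker process (w3wp.exe) spawning shells or LOLBins, the footprint of
    an operator running commands through a web shell."""
    return [e for e in events
            if e["ParentImage"].lower().endswith("\\w3wp.exe")
            and e["Image"].lower().rsplit("\\", 1)[-1] in children]


if __name__ == "__main__":
    for (ip, path), n in find_webshell_candidates(parse_iis(IIS_LOG)).items():
        print(f"web shell candidate: {ip} -> {path} ({n} requests)")
    for e in find_webserver_spawns(PROC_EVENTS):
        print(f"w3wp.exe spawned {e['Image']}: {e['CommandLine']}")
```

The static-directory rule fires regardless of method or status because a .aspx file that should not exist under a themes or aspnet_client directory is suspicious even on a GET; the allowlist rule is the noisier one and is the part that needs tuning per deployment.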
China-Linked Threat Groups Target Journalists and Civil Activists with Phishing Tactics
At the same time, a different set of China-linked cyber operators launched campaigns aimed at journalists and civil society groups. The groups, tracked as GLITTER CARP and SEQUIN CARP, impersonated trusted individuals and organizations in convincing phishing emails to trick targets into revealing credentials, focusing on activists from the Uyghur, Tibetan, Taiwanese, and Hong Kong communities. They used detailed impersonation, including fake security alerts and messages posing as familiar contacts, to raise the odds that a target would act. The attackers also embedded tracking pixels (web bugs) in their messages to confirm which targets opened them, a signal that helps them refine follow-up lures. These operations appear to be part of a broader effort to gather intelligence and suppress dissent, showing how digital threats reach into human rights and press freedom. The sophistication of the social engineering underscores the enduring importance of strong cybersecurity practices for individuals and organizations alike.
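The impersonation and tracking techniques described above are visible in the message itself, so a recipient organization can triage them mechanically: a display name that matches a known contact but arrives from a different domain, a Reply-To that diverges from the From domain, links that point away from the sender's domain, and a remote 1x1 image that fires when the mail is opened. The following is an added example written for this page, not code from the report or from either group's tooling. The message and the small address book are constructed, and the check uses only the standard-library email and html.parser modules.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing message (not a real sample). The sender poses as a known reporter,
# uses a lookalike domain, redirects replies elsewhere, and embeds a tracking pixel.
RAW_EMAIL = b"""\
From: "Jane Doe (Reporter)" <jane.doe@example-news.co>
Reply-To: jane.doe.press@mail-secure-alerts.com
To: activist@example.org
Subject: Security alert: unusual sign-in to your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi, this is Jane. Our IT team noticed an unusual login. Please verify here:
<a href="https://mail-secure-alerts.com/verify?u=activist">Verify account</a></p>
<img src="https://mail-secure-alerts.com/t.gif?id=abc123" width="1" height="1" alt="">
<img src="https://example-news.co/logo.png" width="120" height="40">
</body></html>
"""

# Hypothetical address book: normalized display name -> domain the contact really writes from.
KNOWN_CONTACTS = {"jane doe": "example-news.com"}


def normalize_name(display):
    """Lowercase the display name and drop parenthetical suffixes like '(Reporter)'."""
    return re.sub(r"\(.*?\)", "", display).strip().lower()


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


class _HtmlScan(HTMLParser):
    """Collect link hosts and images that look like tracking pixels (1x1 or hidden)."""
    def __init__(self):
        super().__init__()
        self.link_hosts, self.pixels = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.link_hosts.append(urlparse(a["href"]).hostname or "")
        if tag == "img" and a.get("src", "").startswith(("http://", "https://")):
            w, h = a.get("width", "").rstrip("px"), a.get("height", "").rstrip("px")
            hidden = "display:none" in a.get("style", "").replace(" ", "")
            if (w in ("0", "1") and h in ("0", "1")) or hidden:
                self.pixels.append(a["src"])


def analyze(raw, contacts=KNOWN_CONTACTS):
    """Return a dict of impersonation and tracking findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, from_addr = parseaddr(str(msg["From"]))
    from_dom = domain_of(from_addr)
    reply_dom = domain_of(parseaddr(str(msg["Reply-To"] or ""))[1])
    findings = {"from_domain": from_dom}

    known_dom = contacts.get(normalize_name(name))
    if known_dom and known_dom != from_dom:   # familiar name, unfamiliar (lookalike) domain
        findings["impersonated_contact"] = (name, known_dom, from_dom)
    if reply_dom and reply_dom != from_dom:
        findings["reply_to_mismatch"] = (from_dom, reply_dom)

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        scan = _HtmlScan()
        scan.feed(body.get_content())
        findings["tracking_pixels"] = scan.pixels
        findings["offdomain_links"] = sorted({h for h in scan.link_hosts if h and h != from_dom})
    return findings


if __name__ == "__main__":
    for key, value in analyze(RAW_EMAIL).items():
        print(f"{key}: {value}")
```

The address-book comparison is the check that catches the "familiar contact" lure specifically: a sender who shares a trusted name but not the trusted domain is treated as an impersonation, which is exactly the case a busy recipient is least likely to notice by eye.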
