China Hacker's Stole World's Sensitive Data For 10 Years

At this time , it is not wrong to say the China as the king of the world establishing attacking with its new weapons whether it is bioweapon or the cyber weapon. The country is currently one of the most powerful, either we take it financially or economically. The China alone has not only exploited the lives of the people but also the trust which is the base of humanity. But China wants more. What is more greater than a human’s life for China? What else China wants now? Researchers from Blackberry have recently come across a very old campaign run by the Chinese hacktivists which is unfortunately no more hidden from the world now, as per the report. The researchers unveiled the techniques adopted by the Chinese state sponsored hackers which they are using for more than a decade to steal data from the computers around the globe which are using Linux as Linux runs the stock exchanges in New York, London and Tokyo, and nearly all the big tech and e-commerce giants are dependent on it, including the likes of Google,Yahoo, and Amazon. Most U.S. government agencies and the Department of Defense also rely heavily on the Linux operating system, and it runs virtually all of the top one million websites and 75% of all web servers (Netcraft, 2019). Linux powers 98% of the world’s most advanced supercomputers, and most organization stores data in the cloud almost all having Linux in the backend .

STRATEGIES USED BY THE ATTACKERS

Researchers have identified five APT groups namely WINNTI GROUP, PASSCV, BRONZE UNION, CASPER (LEAD) and newly discovered while researching the WLNXSPLINTER which on a union forms a collective group known as “splinter cell“. The five groups listed here are financially supported and motivated by the Chinese Government who have almost tried almost all flavors of linux across many renowned industrial organizations for the purpose of espionage and intellectual property theft. The APT groups are caught to use WINNTI-style tooling that is specifically designed to aim at Linux servers as they always have a nature “always on , always available “ The WINNTI toolset includes :

Three unique and variant functioning backdoors namely :

PWNLNX1

PWNLNX2

PWNLNX3

Two rootkits which comes with backdoors namely :

PWNLNX4

PWNLNX6

An installer script to compile , download and install the malware : LANCER
A Control Panel used by to run the command-and-control (C2C) infrastructure and issue commands to the rest of the malware suite .

PWNLNX5

Besides these tools the APT hacktivists are seen to deliver malware in the same way as XOR DDoS Botnets which have been used to attack video game companies in Asia .

The APT groups uses a unique technique to install malware in the victim’s network . What they do is , they have stolen signed malware certificates from video game companies and signing malware certificates stolen from adware vendors , so in order to bypass the end user’s trust or to bypass the security on the end user’s system , they used the adware signatures (which are considered as trusted sources by the network defenders ) to remain undetected .

Researchers identified Linux malware executables defined the term ELF, which stands for Executable and Linkable Format. Unlike their Windows counterparts (called PEs or Portable Executables), ELFs do not possess a compiler time/date stamp, which makes it difficult to detect exactly when Linux samples were created.

The combination of poor security solution on the end of Linux and highly tailored, complex malware developed by the spinter cell has resulted in a suite of affecting tools that has largely gone undetected for years , on an average for a decade .

If we compare the volume of malware directed at Windows and MacOS operating systems, Linux malware is observed and written about much less often. This is the reason of relatively low rate of detection and relatively low frequency of being encountered in auditing in organizations

CONCLUSION

The Chinese threat actors believe to have targeted nearly all sectors of industries . In recent times, they are also believed to deliver malware in mobile malware in combination with traditional desktop malware in ongoing cross-platform surveillance and espionage campaigns. In the coming times, China seems to rely on its espionage actors to spread its sovereign and remain one of the most powerful countries all over the world and in order to acquire financial assets, grow its economic market.

RSU

RSU is security researcher who is constantly working to make world a secure place to live. He is working day and night in Cyber Security area.

China Hacker’s Stole World’s Sensitive Data For 10 Years

STRATEGIES USED BY THE ATTACKERS

CONCLUSION

Dual Vulnerabilities in Microsoft SharePoint Server: Essential Steps to Mitigate Vulnerabilities

Exploiting the High-Risk Vulnerabilities in Secure Boot of Most Linux Devices on the Planet

Hackers’ New Target is containerized environments through vulnerabilities in runC

Hacking Android, Linux, macOS, iOS, Windows Devices via Bluetooth using a single vulnerability

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Healthcare Hack Horror: Cyberattacks Leave French Hospitals in Chaos for $10 Million

Hacking the Unhackable: The Story of How CISA Was Breached

The Cloudflare Hack: A Hacker, 5000 Credentials, and Operation Code Red

Hijacked Data:LockBit Ransomware Gang Targets Aerospace Giant Boeing

Timeless Targets: After Casio, Seiko Group hacked again by Ransomware gang

Unlocked Doors: The Inside Story of Casio’s Global Data Breach!

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Google Gemini Under Fire: Critical Security Vulnerabilities You Need to Know to hack Gemini

Cracking SCCM Wide Open: Pentesting System Center Configuration Manager with Misconfiguration Manager

Hacking Windows 10 and 11 with DLL Search Order Hijacking without administrator rights

Hacking SSH Connections by exploiting SSH Protocol Vulnerabilities: Different Terrapin Attack Vectors

Understanding Latest DHCP DNS Vulnerabilities and How DHCP Exploits work in Active Directory

Hacking Bluetooth via MiTM: The BLUFFS Bluetooth attack to hack into Millions of Devices

6 Steps to File Anonymous SEC Complaints Against Data Breachers & Force Them to Pay Fines or Take Action

Inside the Exploit: How Your ChatGPT’s Uploaded Files Could Be Stolen by Prompt Injection Vulnerability

This Google Calendar technique allows to hack into companies without getting detected

This telegram bot is like ChatGPT for scammers to steal money from victims easily

How easy is to bomb someone mobile phone with thousands of SMS messages?

This new DDoS attack prevention technique has a 99% accuracy rate

How to secure Cisco Firepower Threat Defense (FTD) firewalls ?

How to use AWS SSM agent as backdoor and hack into EC2 instances?

New tool FraudGPT allows scamming and easy hacking of victims using AI

The Dark Side of PDFs: How Opening a Simple PDF Could Unleash a Cybersecurity Nightmare

Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Visited thesaurus.com in search for Synonyms? You have Coinminer malware infection

How to send malware via Teams, even “Safe Attachments” or “Safe Links” can’t protect you

2 Big Cloud hosting companies shutdown by ransomware and lose all customer data