08-24-2023, 01:09 AM
Quote:A previously unknown hacking campaign targeted file protection, encryption and decryption software as part of a supply chain attack on unnamed targets in Hong Kong and other regions of Asia, according to an analysis published Tuesday.
Researchers with the Symantec Threat Hunter Team, part of Broadcom, dubbed the unknown actors behind the campaign “Carderbee” and said the group compromised a Cobra DocGuard software update file with the goal of deploying the Korplug backdoor (also known as PlugX), a widely used piece of malware.
The malware was signed with a legitimate Microsoft certificate, the researchers noted, which can make it much harder for security software to detect.
The campaign, which started in April 2023, was detected on roughly 100 computers across multiple organizations. Given that the Cobra DocGuard software — produced by the China-based EsafeNet, which itself is owned by the Chinese information security firm NSFOCUS — is only installed on roughly 2,000 computers, the “attacker may be selectively pushing payloads to specific victims,” the researchers said.
...
Originally limited to Chinese-related hacking campaigns, PlugX is now widespread enough that conclusive attribution is not possible, the researchers said. Nevertheless, Cobra DocGuard update files were compromised to target a Hong Kong-based gambling company in September 2022, according to ESET, by a Chinese-linked hacking effort tracked as LuckyMouse (also known as APT27, Emissary Panda and Bronze Union). That campaign also delivered a variant of the Korplug malware.
The similar tactics, techniques and procedures hint at a Chinese connection, even if full attribution isn’t yet possible. “The Korplug back door is usually used by China-linked APT groups,” said Brigid O. Gorman, a senior intelligence analyst with Symantec. “In addition to this, the targeting is in line with what we’ve seen from China-linked groups in the past. As stated in the blog there are also some similarities between this activity and previous activity carried out by the Budworm (aka APT27) group.”
Gorman declined to elaborate on the victims in this particular campaign, but noted that although there were some victims throughout south and southeast Asia, “it appears organizations in Hong Kong were the main targets in this campaign.”
Normally one would think that any Chinese hacker would have no interest in targeting a Chinese province. Yet, they have been treating Hong Kong as a rebellious region for years and for several reasons, including overreaching censorship and extreme persecution of dissenters.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE
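The quoted report makes one point worth turning into a check: the payload carried a valid signature from a legitimate certificate, so "the signature verifies" on its own told defenders nothing. The script below is an added example, not code from the article, Symantec or the software vendor. It audits a directory of vendor update files and treats a file as trusted only when the Authenticode signature is valid, the signer subject matches the vendor's expected publisher, and the certificate thumbprint is on a pinned list; the directory path, publisher name and thumbprint are placeholders to be replaced with the values your vendor publishes.

```powershell
# Added example (not from the article or the vendor): audit update files so that a valid
# Authenticode signature alone is never treated as proof of trust. Path, publisher subject
# and thumbprint below are placeholders; pin the values your vendor actually publishes.
param(
    [string]$UpdateDir = 'C:\ProgramData\ExampleVendor\Updates',     # placeholder path
    [string]$ExpectedSubjectPattern = 'CN=Example Vendor Ltd',        # placeholder publisher
    [string[]]$PinnedThumbprints = @('0000000000000000000000000000000000000000')  # placeholder
)

$results = foreach ($file in Get-ChildItem -Path $UpdateDir -Recurse -Include *.exe,*.dll,*.msi -File) {
    $sig     = Get-AuthenticodeSignature -FilePath $file.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }    else { '' }
    $thumb   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }

    # Three separate questions: is it signed at all, by whom, and with which exact certificate?
    $verdict = if ($sig.Status -ne 'Valid') {
        'UNSIGNED_OR_INVALID'
    } elseif ($subject -notlike "*$ExpectedSubjectPattern*") {
        'VALID_BUT_UNEXPECTED_PUBLISHER'   # a real, valid certificate that is not the vendor's
    } elseif ($PinnedThumbprints -notcontains $thumb) {
        'VALID_BUT_UNPINNED_CERT'          # right publisher name, certificate not on the pin list
    } else {
        'OK'
    }

    [pscustomobject]@{
        File       = $file.FullName
        Status     = $sig.Status
        Subject    = $subject
        Thumbprint = $thumb
        SHA256     = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        Verdict    = $verdict
    }
}

# Anything that is not OK is worth a look; the CSV keeps hashes for later correlation.
$results | Where-Object Verdict -ne 'OK' | Format-Table -AutoSize
$results | Export-Csv -Path (Join-Path $UpdateDir 'update-signature-audit.csv') -NoTypeInformation
```

The design choice is that the publisher-name match and the thumbprint pin are independent verdicts: a well-formed signature from some other legitimate certificate, which is what the report describes, fails the second check even though Windows itself would report the signature as valid.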