Skip to main content

Chinese Hackers Targeting Foreign Governments Across The World.

Phishing is still one of the widely used strategies by cybercriminals and espionage groups to gain an initial foothold on the targeted systems.
Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has slowed down the success of phishing and social engineering attacks over the years.
Since phishing is more sort of a one-time opportunity for hackers before their victims suspect it and likely won't fall for the same trick again, sophisticated hacking groups have started putting a lot of effort, time and research to design well-crafted phishing campaigns.
In one such latest campaign discovered by cybersecurity researchers at Check Point, a Chinese hacking group, known as Rancor, has been found conducting very targeted and extensive attacks against Southeast Asian government entities from December 2018 to June 2019.
What's interesting about this ongoing 7-month long campaign is that over this period, the Rancor group has continuously updated tactics, tools, and procedures (TTP) based on its targets in an effort to come up with phishing email contents and lure documents appear being as convincing as possible.
"The observed attacks started with emails sent on behalf of employees from different government departments, embassies, or government-related entities in a Southeast Asian country," reads a report published by CheckPoint and privately shared with The Hacker News prior to its release.
"The attackers appeared determined to reach certain targets, as tens of emails were sent to employees under the same ministries. Furthermore, the emails' origin was likely spoofed to make them seem more reliable."
Continuously Evolving Tactics, Tools, and Procedures
Researchers discovered different combinations of TTP based on their timeline, delivery, persistence, and payloads, and then combined them into 8 major variants, as listed below in this article.
Each attack variant started with a classic spear-phishing email containing a malicious document designed to run macros and exploit known vulnerabilities to install a backdoor on the victims' machines and gain full access to the systems.
hacking-tools
Most of the delivery documents in this campaign contained legitimate government-related topics, like instructions for governmental employees, official letters, press releases, surveys, and more, appeared to be sent from other government officials.
Interestingly, as part of the infection chain, in most campaigns, attackers also bring their own legitimate, signed and trusted executables of major antivirus products to side-load malicious DLLs (dynamic link library) files to evade detection, especially from behavioral monitoring products.
hacking
As shown in the illustrations above, the abused legitimate executables belong to antivirus products including a component of Avast antivirus, BitDefender agent and Windows defender.
Web Application Firewall
Though the attack chains involve fileless activities like usage of VBA macros, PowerShell code, and legitimate Windows built-in tools, this campaign is not designed to achieve a fileless approach as the researchers told The Hacker News that other parts of the campaign expose malicious activities to the file system.
"To date, we have not seen such a persistent attack on a government; the same attacks were targeted for 7 months. We believe that the US Government should take note," researchers warned as the US elections are near.
"To attack the US Government, these Chinese hackers wouldn't need to change much, except making their lure documents all in English, and include themes that would trigger the interest of the victim so that the victim would open the file."
Rancor hacking group has previously been found attacking Cambodia and Singapore and continued its operations against entities within the Southeast Asia region, and this time the group has put 7 months of its effort on targeting the Southeast Asian government sector.
"We expect the group to continue to evolve, constantly changing their TTPs in the same manner as we observed throughout the campaign, as well as pushing their efforts to bypass security products and avoid attribution," the researchers conclude.
To learn more about the Rancor group and its latest campaign, you can head on to the CheckPoint report titled, "Rancor: The Year of the Phish".


Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.