More than a dozen industrial enterprise organizations, government agencies, military entities, and other public organizations in Russia, Ukraine, Afghanistan, Belarus, and other countries in Eastern Europe have been compromised by the Chinese hacking group TA428 through a widespread phishing campaign that leveraged six backdoors, The Register reports.
Phishing emails containing information not available publicly have been used by TA428 to infiltrate enterprise networks, a Kaspersky report found.
"This could indicate that the attackers did preparatory work in advance (they may have obtained the information in earlier attacks on the same organization or its employees, or on other organizations or individuals associated with the victim organization)," said researchers.
The report also shed light on the backdoors TA428 used in the campaign, including an updated PortDoor backdoor that facilitated data exfiltration, remote control of the infected system, and deployment of additional malware. According to the report, TA428 also used the nccTrojan, Cotx, DNSep, and Logtu backdoors, along with the new CotScam backdoor.
"Given that the attackers have had some success, we believe it is highly likely that similar attacks will occur again in the future. Industrial enterprises and public institutions should do a great deal of work to successfully thwart such attacks," said Kaspersky.