
Industrial orgs, government entities attacked by Chinese hacking group

More than a dozen industrial enterprise organizations, government agencies, military entities, and other public organizations in Russia, Ukraine, Afghanistan, Belarus, and other countries in Eastern Europe have been compromised by the Chinese hacking group TA428 through a widespread phishing campaign that leveraged six backdoors, The Register reports.

Phishing emails containing information not available publicly have been used by TA428 to infiltrate enterprise networks, a Kaspersky report found. "This could indicate that the attackers did preparatory work in advance (they may have obtained the information in earlier attacks on the same organization or its employees, or on other organizations or individuals associated with the victim organization)," said researchers.

The report also shed light on the backdoors utilized by TA428 in the attack, including an updated PortDoor backdoor that facilitated data exfiltration, remote system control, and additional malware deployment. TA428 has also used the nccTrojan, Cotx, DNSep, Logtu, and the new CotScam backdoors, according to the report.

"Given that the attackers have had some success, we believe it is highly likely that similar attacks will occur again in the future. Industrial enterprises and public institutions should do a great deal of work to successfully thwart such attacks," said Kaspersky.
