Critical Infrastructure Security, Threat Intelligence

Semiconductor firms targeted by Chinese hackers

Taiwan-, Singapore-, and Hong Kong-based semiconductor companies have been subjected to a new China-linked cyberespionage operation that sought to facilitate Cobalt Strike beacon infections, reports BleepingComputer. Spear-phishing emails may have been leveraged by attackers to deliver the HyperBro loader that displays a file purportedly from the Taiwan Semiconductor Manufacturing Company while deploying a Cobalt Strike beacon through DLL side-loading, Ecletic researchers reported. Another attack exploiting a Cobra DocGuard web server to deliver a McAfee binary was employed by threat actors, who used DLL side-loading for the Cobalt Strike shellcode and later deployed the Go-based ChargeWeapon backdoor. Such a campaign was attributed to Chinese attackers due to its similarities in tactics, techniques, and procedures with APT27 and RedHotel. "EclecticIQ analysts assess with high confidence that the analyzed HyperBro Loader, the malware downloader, and the GO backdoor are very likely operated and developed by a PRC backed nation-state threat actor, due to victimology, infrastructure observed, malware code and resemblance with previously reported activity clusters," said researchers.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.