Critical Infrastructure Security, Threat Intelligence

Semiconductor firms targeted by Chinese hackers

Semiconductor companies based in Taiwan, Singapore, and Hong Kong have been targeted by a new China-linked cyberespionage operation that sought to facilitate Cobalt Strike beacon infections, reports BleepingComputer. Attackers may have used spear-phishing emails to deliver the HyperBro loader, which displays a file purportedly from the Taiwan Semiconductor Manufacturing Company while deploying a Cobalt Strike beacon through DLL side-loading, EclecticIQ researchers reported. In another attack, threat actors exploited a Cobra DocGuard web server to deliver a McAfee binary, used DLL side-loading for the Cobalt Strike shellcode, and later deployed the Go-based ChargeWeapon backdoor. The campaign was attributed to Chinese attackers because its tactics, techniques, and procedures resemble those of APT27 and RedHotel. "EclecticIQ analysts assess with high confidence that the analyzed HyperBro Loader, the malware downloader, and the GO backdoor are very likely operated and developed by a PRC backed nation-state threat actor, due to victimology, infrastructure observed, malware code and resemblance with previously reported activity clusters," said researchers.
