Threat Intelligence

South Korea subjected to multi-year Chinese cyberespionage campaign

Numerous government, political, and academic organizations in South Korea have been targeted by the Chinese state-backed advanced persistent threat operation TAG-74 in a "multi-year" cyberespionage campaign that is part of China's intellectual property theft and influence operations, The Hacker News reports. TAG-74 has used Microsoft Compiled HTML Help file lures in social engineering intrusions meant to deploy a new variant of the ReVBShell backdoor, which later facilitates the distribution of the Bisonal remote access trojan, according to a report from Recorded Future's Insikt Group. ReVBShell has been associated with the China-linked operation Tick, which is noted to be related to TAG-74, while Bisonal was noted to have capabilities for gathering process and file information, executing commands and files, terminating processes, and deleting arbitrary files on disk. "Given the group's persistent focus on South Korean organizations over many years and the likely operational purview of the Northern Theater Command, the group is likely to continue to be highly active in conducting long-term intelligence-gathering on strategic targets within South Korea as well as in Japan and Russia," said Recorded Future.
