XE Group hacking operation uncovered

One operator of the suspected Vietnamese hacking operation XE Group, also known as XeThanh, which has been targeting healthcare organizations, government agencies, and construction firms since at least 2013, has been identified as Nguyen Huu Tai, according to The Hacker News. Tai, also known as Joe Nguyen and Thanh Nguyen, was found by Menlo Security to have the strongest link to the threat operation following a review of information from various online sources. Researchers also reported that XE Group has been leveraging exploits to compromise internet-exposed servers in an effort to exfiltrate passwords and credit cards. "As far back as 2014, the threat actor was seen creating AutoIT scripts that automatically generated emails and a rudimentary credit card validator for stolen credit cards," said Menlo Security researchers. The findings come after the Cybersecurity and Infrastructure Security Agency revealed that the operation had leveraged a critical vulnerability in Progress Telerik devices, tracked as CVE-2019-18935, to facilitate network compromise.
