Monday, February 6, 2023

Chinese Naikon Group Back with New Espionage Attack


The Chinese state-sponsored cyberespionage group Naikon, also known as Override Panda and Lotus Panda, has resurfaced with a new phishing campaign aimed at stealing private data. The APT group was first identified in 2010, and its infrastructure was uncovered in 2015.

Getting into the intricacies

According to Cluster25, Lotus Panda was observed using a spear-phishing email to deploy a beacon from a red team framework known as Viper. While the exact targets are unclear, analysts believe the victim is a government institution in a South Asian country.

Chain of death

A malicious document masquerading as a call for tender is included in the spear-phishing email.

Two payloads are concealed inside the document's properties.

Viper is characterised as a “graphical intranet penetration tool that modifies and enhances popular intranet intrusion strategies and approaches.”

It ships with over 80 modules covering initial access, privilege escalation, credential access, persistence, arbitrary command execution, and lateral movement.

The Viper framework and ARL dashboards are both hosted on the C2 server.
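As an added, defender-side example (not code from the original article or from Cluster25), the following Python scans the metadata parts of an OOXML document for property values that are long and decode cleanly as base64, the kind of hiding place the two payloads above used. The part list, the length threshold and the two sample documents are constructed for illustration; real triage would pair this with a check of the macro or template that reads the property back.

```python
import base64
import binascii
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML metadata parts; Office never executes a property value, which is what makes
# them a quiet place to stash a payload that a macro later reads back out.
PROPERTY_PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")

def looks_like_blob(text, min_len):
    """Heuristic (assumption): long text that is valid base64 is treated as a blob."""
    compact = "".join(text.split())
    if len(compact) < min_len:
        return False
    try:
        base64.b64decode(compact, validate=True)
        return True
    except binascii.Error:
        return False

def scan_document_properties(docx_bytes, min_len=200):
    """Return (part, element tag, length) for every property value that looks like a blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in PROPERTY_PARTS:
            if part not in zf.namelist():
                continue
            for el in ET.fromstring(zf.read(part)).iter():
                text = el.text or ""
                if looks_like_blob(text, min_len):
                    findings.append((part, el.tag.split("}")[-1], len(text)))
    return findings

def build_sample_docx(custom_value):
    """Constructed sample: a minimal .docx-shaped zip carrying one custom property."""
    custom = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/custom-properties" '
              'xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">'
              '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" name="Stage1">'
              f'<vt:lpwstr>{custom_value}</vt:lpwstr></property></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/custom.xml", custom)
        zf.writestr("word/document.xml", "<document/>")  # body content is irrelevant here
    return buf.getvalue()

# Constructed inputs: a benign property value, and an 800-character base64 blob.
CLEAN = build_sample_docx("Procurement 2023")
SUSPECT = build_sample_docx(base64.b64encode(b"\x90" * 600).decode())
```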

Chinese hackers have carried out a number of noteworthy strikes

Moshen Dragon, a cyberespionage outfit operating in Central Asia, is targeting telecommunications providers in the region. It sideloads malicious DLLs into antivirus products in order to move laterally, steal credentials, and exfiltrate sensitive data.

APT10, also known as Cicada, was found to be behind a long-running espionage effort against Japanese companies. The operations ran from mid-2021 until February 2022.

The Mustang Panda APT was discovered utilising a new strain of PlugX RAT in March. The trojan, dubbed Hodur, is capable of a variety of tasks, including gathering system information, running commands, and reading and writing arbitrary files.

Conclusion

The TTPs of Override Panda show that it is engaged in long-term espionage and intelligence operations. Foreign officials and governments have been targeted by the group in the past. The industries that Naikon has targeted indicate that it intends to compromise ASEAN countries. Furthermore, the group has updated and evolved its TTPs over time in order to avoid detection and increase revenues.

IEMA IEMLabs (https://iemlabs.com)